[whatwg] Referer header sent with <a ping>?
Ian Hickson
ian at hixie.ch
Sat Feb 2 14:02:05 PST 2008
On Fri, 1 Feb 2008, Julian Reschke wrote:
> Ian Hickson wrote:
> > > This would make it easy to protect against unwanted ping-originated
> > > requests (one could configure server or set up application firewall to
> > > filter pings), and URL in <a ping> wouldn't have to contain copies of
> > > page's URL and href.
> >
> > What do people think of this idea:
> >
> > We make "Referer" always have the value "PING".
>
> Referer takes a relative reference, or a URI. Not a good idea.
Interesting.
I see two ways forward here. One would be to redefine Referer to remove
the relative URI thing, since, to my knowledge at least, nobody uses it.
The other is that we can define the magic value to be "#PING" instead,
since that's a non-conforming Referer value right now.
Would that work for people? dolphinling? Darin?
> > We add two headers, "X-Ping-From" which has the value of the page that
> > had the link, and "X-Ping-To" which has the value of the page that is
> > being opened.
>
> You don't need any new headers.
>
> Define a content type, and send the information you want to transmit in
> the request body.
The idea, as others have noted, is to keep the entity body empty so as to
avoid any issues with servers that ignore the headers and process the body
(which is relatively common).
--
Ian Hickson U+1047E )\._.,--....,'``. fL
http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,.
Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
More information about the whatwg
mailing list