W3C home > Mailing lists > Public > ietf-http-wg@w3.org > April to June 2009

Re: Sending Referer [#144]

From: Adam Barth <w3c@adambarth.com>
Date: Mon, 1 Jun 2009 12:03:10 -0700
Message-ID: <7789133a0906011203p1c5e7c8ar4458c144f20990c6@mail.gmail.com>
To: Mark Nottingham <mnot@mnot.net>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
On Mon, Jun 1, 2009 at 11:40 AM, Adam Barth <w3c@adambarth.com> wrote:
> With regards to the 'null' value, we should try to pick a value that's
> friendly to regular expressions (i.e., avoids . / [ and similar
> characters) because many web application firewalls (who would use this
> value) express their rules in terms of regular expressions.

One possible value we could use is

about:blank

There is an I-D kicking around somewhere that defines the about
scheme.  The author might be amenable to allowing about:blank to be
used here (e.g., as a "placeholder" URI when no other URI is
appropriate).

Another possibility is to use something like

about:noreferrer

and define about:noreferrer to return a resource that describes what
the value means in the Referer header (e.g., the relevant requirements
from HTTPbis).

Adam
Received on Monday, 1 June 2009 19:04:06 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:03 GMT