W3C home > Mailing lists > Public > public-html@w3.org > October 2007

spec review: ping attribute

From: Julian Reschke <julian.reschke@gmx.de>
Date: Fri, 26 Oct 2007 14:04:31 +0200
Message-ID: <4721D7CF.200@gmx.de>
To: HTML WG <public-html@w3.org>

Hi,

I was previously aware of a/@ping, but today I had a closer look at 
<http://www.w3.org/html/wg/html5/#hyperlink0>, currently stating:

"For URIs that are HTTP URIs, the requests must be performed using the 
POST method (with an empty entity body in the request). User agents must 
ignore any entity bodies returned in the responses, but must, unless 
otherwise specified by the user, honour the HTTP headers  in 
particular, HTTP cookie headers. [RFC2965]"

I'd like to understand why POST was selected for that. POST is an unsafe 
method, and it shouldn't be sent without the consent of the user -- in 
particular not if the target is on a different server.

Thus:

- please make it default to be invalid when on a different server, and

- choose a safe HTTP method, such as GET/HEAD (and yes, caching can be 
disabled through Cache-Control).

The spec continues with:

"When the ping  attribute is present, user agents should clearly 
indicate to the user that following the hyperlink will also cause 
secondary requests to be sent in the background, possibly including 
listing the actual target URIs."

This is good, but it's probably not clear enough -- at least FF3 is 
ignoring this.

Best regards, Julian
Received on Friday, 26 October 2007 12:04:49 UTC

This archive was generated by hypermail 2.3.1 : Monday, 29 September 2014 09:38:50 UTC