W3C home > Mailing lists > Public > public-html@w3.org > February 2008

Re: [whatwg] Referer header sent with <a ping>?

From: Julian Reschke <julian.reschke@gmx.de>
Date: Tue, 12 Feb 2008 22:27:04 +0100
Message-ID: <47B20F28.7000308@gmx.de>
To: Kornel Lesinski <kornel@geekhood.net>
CC: "public-html@w3.org" <public-html@w3.org>

Kornel Lesinski wrote:
> On Sun, 10 Feb 2008 10:42:47 -0000, Julian Reschke 
> <julian.reschke@gmx.de> wrote:
> 
>> So you're saying that recipients treat the absence of a Referer header 
>> as indication the offering page was from the same origin? That would 
>> IMHO be contrary to what RFC2616 defines (the absence of the Referer 
>> header means that the Referrer either doesn't have a URI, or the 
>> client doesn't want to reveal it).
> 
> If client does not reveal referrer, the website can't tell if request 
> was local or from another site. In order to avoid blocking legitimate 

Yes.

> requests (local request from client/proxy that hides referrer) websites 

It could be non-local as well.

> have to accept all requests without Referer.

Ok.

So why not use something else for filtering ping requests? Why does it 
need to use the Referer header?

 > ...

BR, Julian
Received on Tuesday, 12 February 2008 21:35:11 UTC

This archive was generated by hypermail 2.3.1 : Monday, 29 September 2014 09:38:52 UTC