W3C home > Mailing lists > Public > public-webapi@w3.org > June 2006

Re: Include Referer-HTTP-header in requests from XMLHttpRequests

From: Mark Baker <distobj@acm.org>
Date: Thu, 29 Jun 2006 14:08:49 -0400
Message-ID: <c70bc85d0606291108o6f71ca49p435e3ed30f902e69@mail.gmail.com>
To: "Subbu Allamaraju" <subbu.allamaraju@gmail.com>
Cc: public-webapi@w3.org

On 6/29/06, Subbu Allamaraju <subbu.allamaraju@gmail.com> wrote:
> Even in the single domain case, there could be lots of apps and resources,
> and the Referer header could be used for whatever use cases that this header
> is used for non-XHR requests today.

AFAIK, the main use case for Referer today is simply to find out who's
linking to your site, which isn't relevant to single-domain.

> One use case is to find out the context
> in which the request was generated for analytics purposes. It would be
> useful to encourage browsers to send this header.

I'm unconvinced.  I'm happy to leave the decision to implementors.

I do note though, that Referer is listed as a request header that
can't be set by a script, which seems unnecessarily restrictive to me.
 Maciej said[1] this was for in part for security reasons, but I don't
think that's relevant in the single domain case.  I'd therefore be
open to suggesting it be removed from that list, enabling authors to
set it themselves.

 [1] http://lists.w3.org/Archives/Public/public-webapi/2006Apr/0225

Mark.
Received on Thursday, 29 June 2006 18:08:58 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 January 2008 14:18:55 GMT