W3C home > Mailing lists > Public > whatwg@whatwg.org > January 2006

[whatwg] no referer attrribute for <a>, same reason as ping

From: Tyler Close <tyler.close@gmail.com>
Date: Wed, 18 Jan 2006 14:02:54 -0800
Message-ID: <5691356f0601181402i397e2fd0k748283cf3d79539a@mail.gmail.com>
I wrote:
> It would be nice to be able to directly specify the referer behaviour
> on the <a> element, instead of resorting to the same trickery
> currently used for click tracking.

Here's a concrete proposal for what this could be:

The <a> element gets a new attribute named "referer" [sic]. The
possible values are: "none|site|path|page", where the value of the
Referer header is:

"none": The Referer header must not be sent
"site": The request URI, stripped of the path and query components
"path": The request URI, stripped of the query component
"page": The request URI

For example, for a document fetched from
<http://example.com/a/b/c?q#f>, the Referer for a clicked <a> element
would be:

"none": No Referer sent
"site": http://example.com/
"path": http://example.com/a/b/c
"page": http://example.com/a/b/c?q

In an ideal world, it might be nice to also have a "link" option,
where the Referer header would contain the request URI with a fragment
appended, whose value is the "name" attribute of the clicked <a>
element. This feature would give us a kind of bidirectional link.
Unfortunately, RFC 2616 forbids fragments in the Referer header.

I think the "none" option is really important for making it easier to
produce secure web applications. The other options are "nice to
haves".

Tyler

--
The web-calculus is the union of REST and capability-based security:
http://www.waterken.com/dev/Web/

Name your trusted sites to distinguish them from phishing sites.
https://addons.mozilla.org/extensions/moreinfo.php?id=957
Received on Wednesday, 18 January 2006 14:02:54 UTC

This archive was generated by hypermail 2.3.1 : Monday, 13 April 2015 23:08:25 UTC