Re: [whatwg] Referer header sent with <a ping>?

Kornel Lesinski wrote:
> On Sun, 10 Feb 2008 10:42:47 -0000, Julian Reschke 
> <julian.reschke@gmx.de> wrote:
> 
>> So you're saying that recipients treat the absence of a Referer header 
>> as indication the offering page was from the same origin? That would 
>> IMHO be contrary to what RFC2616 defines (the absence of the Referer 
>> header means that the Referrer either doesn't have a URI, or the 
>> client doesn't want to reveal it).
> 
> If client does not reveal referrer, the website can't tell if request 
> was local or from another site. In order to avoid blocking legitimate 

Yes.

> requests (local request from client/proxy that hides referrer) websites 

It could be non-local as well.

> have to accept all requests without Referer.

Ok.

So why not use something else for filtering ping requests? Why does it 
need to use the Referer header?

 > ...

BR, Julian

Received on Tuesday, 12 February 2008 21:35:11 UTC