- From: Tyler Close <tyler.close@gmail.com>
- Date: Wed, 18 Jan 2006 14:02:54 -0800

I wrote:
> It would be nice to be able to directly specify the referer behaviour
> on the <a> element, instead of resorting to the same trickery
> currently used for click tracking.

Here's a concrete proposal for what this could be:

The <a> element gets a new attribute named "referer" [sic]. The possible values are: "none|site|path|page", where the value of the Referer header is:

- "none": The Referer header must not be sent
- "site": The request URI, stripped of the path and query components
- "path": The request URI, stripped of the query component
- "page": The request URI

For example, for a document fetched from <http://example.com/a/b/c?q#f>, the Referer for a clicked <a> element would be:

- "none": No Referer sent
- "site": http://example.com/
- "path": http://example.com/a/b/c
- "page": http://example.com/a/b/c?q

In an ideal world, it might be nice to also have a "link" option, where the Referer header would contain the request URI with a fragment appended, whose value is the "name" attribute of the clicked <a> element. This feature would give us a kind of bidirectional link. Unfortunately, RFC 2616 forbids fragments in the Referer header.

I think the "none" option is really important for making it easier to produce secure web applications. The other options are "nice to haves".

Tyler

--
The web-calculus is the union of REST and capability-based security:
http://www.waterken.com/dev/Web/

Name your trusted sites to distinguish them from phishing sites.
https://addons.mozilla.org/extensions/moreinfo.php?id=957
Received on Wednesday, 18 January 2006 14:02:54 UTC
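
The mapping proposed in the message above, as an added JavaScript example that is not part of the original post. `refererFor` and `disclosure` are hypothetical helper names, and the second URL with its secret strings is constructed to show what each attribute value would disclose to the linked site.

```javascript
// Added example: Referer value for the proposed <a referer="..."> attribute.
// refererFor() and disclosure() are hypothetical names, not a browser API.
const POLICIES = ["none", "site", "path", "page"];

function refererFor(documentUri, policy) {
  const u = new URL(documentUri);
  // Assumption: only http(s) documents produce a Referer header.
  if (u.protocol !== "http:" && u.protocol !== "https:") return null;
  // u.origin is scheme + host (+ port) and omits any user:password@ part;
  // the fragment (u.hash) is never used, since RFC 2616 forbids it.
  switch (policy) {
    case "none": return null;                           // header not sent
    case "site": return u.origin + "/";                 // path and query stripped
    case "path": return u.origin + u.pathname;          // query stripped
    case "page": return u.origin + u.pathname + u.search;
    default: throw new RangeError("unknown referer value: " + policy);
  }
}

// For each attribute value, list which of the given secret strings would
// appear in the Referer header received by the linked site.
function disclosure(documentUri, secrets) {
  const result = {};
  for (const policy of POLICIES) {
    const header = refererFor(documentUri, policy);
    result[policy] = secrets.filter((s) => header !== null && header.includes(s));
  }
  return result;
}

// The example document from the message.
for (const p of POLICIES) {
  console.log(p, "->", refererFor("http://example.com/a/b/c?q#f", p));
}

// Constructed URL with one secret in the path and one in the query.
const constructed = "https://app.example/doc/PATHSECRET?key=QUERYSECRET#view";
console.log(disclosure(constructed, ["PATHSECRET", "QUERYSECRET"]));
```
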