- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Fri, 01 Feb 2008 23:45:37 +0100
Ian Hickson wrote: >> This would make it easy to protect against unwanted ping-originated >> requests (one could configure server or set up application firewall to >> filter pings), and URL in <a ping> wouldn't have to contain copies of >> page's URL and href. > > What do people think of this idea: > > We make "Referer" always have the value "PING". Referer takes a relative reference, or a URI. Not a good idea. > We add two headers, "X-Ping-From" which has the value of the page that had > the link, and "X-Ping-To" which has the value of the page that is being > opened. You don't need any new headers. Define a content type, and send the information you want to transmit in the request body. > We continue to send all cookie and authentication headers. > > What do people think? Would this address all the issues raised? BR, Julian
Received on Friday, 1 February 2008 14:45:37 UTC