W3C home > Mailing lists > Public > whatwg@whatwg.org > February 2008

[whatwg] Referer header sent with <a ping>?

From: Julian Reschke <julian.reschke@gmx.de>
Date: Fri, 01 Feb 2008 23:45:37 +0100
Message-ID: <47A3A111.3030303@gmx.de>
Ian Hickson wrote:
>> This would make it easy to protect against unwanted ping-originated 
>> requests (one could configure server or set up application firewall to 
>> filter pings), and URL in <a ping> wouldn't have to contain copies of 
>> page's URL and href.
> 
> What do people think of this idea:
> 
> We make "Referer" always have the value "PING".

Referer takes a relative reference, or a URI. Not a good idea.

> We add two headers, "X-Ping-From" which has the value of the page that had 
> the link, and "X-Ping-To" which has the value of the page that is being 
> opened.

You don't need any new headers.

Define a content type, and send the information you want to transmit in 
the request body.

> We continue to send all cookie and authentication headers.
> 
> What do people think? Would this address all the issues raised?


BR, Julian
Received on Friday, 1 February 2008 14:45:37 UTC

This archive was generated by hypermail 2.3.1 : Monday, 13 April 2015 23:08:39 UTC