- From: Darin Fisher <darinf@gmail.com>
- Date: Sat, 2 Feb 2008 08:10:42 -0800
On Feb 1, 2008 2:45 PM, Julian Reschke <julian.reschke at gmx.de> wrote: > Ian Hickson wrote: > >> This would make it easy to protect against unwanted ping-originated > >> requests (one could configure server or set up application firewall to > >> filter pings), and URL in <a ping> wouldn't have to contain copies of > >> page's URL and href. > > > > What do people think of this idea: > > > > We make "Referer" always have the value "PING". > > Referer takes a relative reference, or a URI. Not a good idea. > Indeed :( http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.36 > > > We add two headers, "X-Ping-From" which has the value of the page that > had > > the link, and "X-Ping-To" which has the value of the page that is being > > opened. > > You don't need any new headers. > > Define a content type, and send the information you want to transmit in > the request body. > > > We continue to send all cookie and authentication headers. > > > > What do people think? Would this address all the issues raised? > > > BR, Julian > > -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.whatwg.org/pipermail/whatwg-whatwg.org/attachments/20080202/69d5f7ef/attachment.htm>
Received on Saturday, 2 February 2008 08:10:42 UTC