[whatwg] Referer header sent with <a ping>?

On Fri, 1 Feb 2008, Julian Reschke wrote:
> Ian Hickson wrote:
> > > This would make it easy to protect against unwanted ping-originated
> > > requests (one could configure server or set up application firewall to
> > > filter pings), and URL in <a ping> wouldn't have to contain copies of
> > > page's URL and href.
> > 
> > What do people think of this idea:
> > 
> > We make "Referer" always have the value "PING".
> 
> Referer takes a relative reference, or a URI. Not a good idea.

Interesting.

I see two ways forward here. One would be to redefine Referer to remove 
the relative URI thing, since, to my knowledge at least, nobody uses it.

The other is that we can define the magic value to be "#PING" instead, 
since that's a non-conforming Referer value right now.

Would that work for people? dolphinling? Darin?


> > We add two headers, "X-Ping-From" which has the value of the page that 
> > had the link, and "X-Ping-To" which has the value of the page that is 
> > being opened.
> 
> You don't need any new headers.
> 
> Define a content type, and send the information you want to transmit in 
> the request body.

The idea, as others have noted, is to keep the entity body empty so as to 
avoid any issues with servers that ignore the headers and process the body 
(which is relatively common).

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'

Received on Saturday, 2 February 2008 14:02:05 UTC