[whatwg] Referer header sent with <a ping>?

Ian Hickson wrote:
>> This would make it easy to protect against unwanted ping-originated 
>> requests (one could configure server or set up application firewall to 
>> filter pings), and URL in <a ping> wouldn't have to contain copies of 
>> page's URL and href.
> 
> What do people think of this idea:
> 
> We make "Referer" always have the value "PING".

Referer takes a relative reference, or a URI. Not a good idea.

> We add two headers, "X-Ping-From" which has the value of the page that had 
> the link, and "X-Ping-To" which has the value of the page that is being 
> opened.

You don't need any new headers.

Define a content type, and send the information you want to transmit in 
the request body.

> We continue to send all cookie and authentication headers.
> 
> What do people think? Would this address all the issues raised?


BR, Julian

Received on Friday, 1 February 2008 14:45:37 UTC