Skip to content
Permalink
Browse files

[g] (2) Let's try a new strategy for ping=''.

git-svn-id: http://svn.whatwg.org/webapps@1235 340c8d12-0b0e-0410-8428-c7bf67bfef74
  • Loading branch information...
Hixie committed Feb 20, 2008
1 parent 813b44f commit 2b44075877450c7452df882b38c2cc8f8c2dd2db
Showing with 73 additions and 26 deletions.
  1. +33 −13 index
  2. +40 −13 source
46 index
third-party URIs).

<p>For URIs that are HTTP URIs, the requests must be performed using the
POST method (with an empty entity body in the request). The request must
include a <code title="">Referer</code> HTTP header with the exact value
"<code title="">#PING</code>". All relevant cookie and HTTP authentication
headers must be included in the request. In addition, if the document
containing the hyperlink being audited was not retrieved over an encrypted
connection, or if both the URI of that document <em>and</em> the ping URI
have the same <a
href="#origin0">origin</a><!-- XXX xref, and check that _URIs_ can have
origins -->,
then the request must also include a <code title="">Ping-From</code> HTTP
header with, as its value, the location of the document containing the
hyperlink, and a <code title="">Ping-To</code> HTTP header with, as its
value, the address of the target of the hyperlink.
POST method (with an empty entity body in the request). All relevant
cookie and HTTP authentication headers must be included in the request.
Which other headers are required depends on the URIs involved.

<dl class=switch>
<dt>If both the URI of the document containing the hyperlink being audited
and the ping URI have the same <a href="#origin0">origin</a><!-- XXX
xref, and check that _URIs_ can have origins -->

<dd>The request must include a <code title="">Ping-From</code> HTTP header
with, as its value, the location of the document containing the
hyperlink, and a <code title="">Ping-To</code> HTTP header with, as its
value, the address of the target of the hyperlink. The request must not
include a <code title="">Referer</code> HTTP header.

<dt>Otherwise, if the origins are different, but the document containing
the hyperlink being audited was not retrieved over an encrypted
connection

<dd>The request must include a <code title="">Referer</code> HTTP header
[sic] with, as its value, the location of the document containing the
hyperlink, a <code title="">Ping-From</code> HTTP header with the same
value, and a <code title="">Ping-To</code> HTTP header with, as its
value, the address of the target of the hyperlink.

<dt>Otherwise, the origins are different and the document containing the
hyperlink being audited was retrieved over an encrypted connection

<dd>The request must a <code title="">Ping-To</code> HTTP header with, as
its value, the address of the target of the hyperlink. The request must
neither include a <code title="">Referer</code> HTTP header nor include a
<code title="">Ping-From</code> HTTP header.
</dl>

<p class=note>To save bandwidth, implementors might also wish to consider
omitting optional headers such as <code>Accept</code> from these requests.
53 source
URIs).</p>

<p>For URIs that are HTTP URIs, the requests must be performed using
the POST method (with an empty entity body in the request). The
request must include a <code title="">Referer</code> HTTP header
with the exact value "<code title="">#PING</code>". All relevant
cookie and HTTP authentication headers must be included in the
request. In addition, if the document containing the hyperlink being
audited was not retrieved over an encrypted connection, or if both
the URI of that document <em>and</em> the ping URI have the same
<span>origin</span><!-- XXX xref, and check that _URIs_ can have
origins -->, then the request must also include a <code
title="">Ping-From</code> HTTP header with, as its value, the
location of the document containing the hyperlink, and a <code
title="">Ping-To</code> HTTP header with, as its value, the address
of the target of the hyperlink.</p>
the POST method (with an empty entity body in the request). All
relevant cookie and HTTP authentication headers must be included in
the request. Which other headers are required depends on the URIs
involved.</p>

<dl class="switch">

<dt>If both the URI of the document containing the hyperlink being
audited and the ping URI have the same <span>origin</span><!-- XXX
xref, and check that _URIs_ can have origins --></dt>

<dd>The request must include a <code title="">Ping-From</code> HTTP
header with, as its value, the location of the document containing
the hyperlink, and a <code title="">Ping-To</code> HTTP header
with, as its value, the address of the target of the hyperlink. The
request must not include a <code title="">Referer</code> HTTP
header.</dd>

<dt>Otherwise, if the origins are different, but the document
containing the hyperlink being audited was not retrieved over an
encrypted connection</dt>

<dd>The request must include a <code title="">Referer</code> HTTP
header [sic] with, as its value, the location of the document
containing the hyperlink, a <code title="">Ping-From</code> HTTP
header with the same value, and a <code title="">Ping-To</code>
HTTP header with, as its value, the address of the target of the
hyperlink.</dd>

<dt>Otherwise, the origins are different and the document
containing the hyperlink being audited was retrieved over an
encrypted connection</dt>

<dd>The request must a <code title="">Ping-To</code> HTTP header
with, as its value, the address of the target of the hyperlink. The
request must neither include a <code title="">Referer</code> HTTP
header nor include a <code title="">Ping-From</code> HTTP
header.</dd>

</dl>

<p class="note">To save bandwidth, implementors might also wish to
consider omitting optional headers such as <code>Accept</code> from

0 comments on commit 2b44075

Please sign in to comment.
You can’t perform that action at this time.