Permalink
Browse files

[g] (2) Let's try a new strategy for ping=''.

git-svn-id: http://svn.whatwg.org/webapps@1235 340c8d12-0b0e-0410-8428-c7bf67bfef74
  • Loading branch information...
1 parent 813b44f commit 2b44075877450c7452df882b38c2cc8f8c2dd2db @Hixie Hixie committed Feb 20, 2008
Showing with 73 additions and 26 deletions.
  1. +33 −13 index
  2. +40 −13 source
View
46 index
@@ -31757,19 +31757,39 @@ interface <dfn id=sqlstatementerrorcallback>SQLStatementErrorCallback</dfn> {
third-party URIs).
<p>For URIs that are HTTP URIs, the requests must be performed using the
- POST method (with an empty entity body in the request). The request must
- include a <code title="">Referer</code> HTTP header with the exact value
- "<code title="">#PING</code>". All relevant cookie and HTTP authentication
- headers must be included in the request. In addition, if the document
- containing the hyperlink being audited was not retrieved over an encrypted
- connection, or if both the URI of that document <em>and</em> the ping URI
- have the same <a
- href="#origin0">origin</a><!-- XXX xref, and check that _URIs_ can have
- origins -->,
- then the request must also include a <code title="">Ping-From</code> HTTP
- header with, as its value, the location of the document containing the
- hyperlink, and a <code title="">Ping-To</code> HTTP header with, as its
- value, the address of the target of the hyperlink.
+ POST method (with an empty entity body in the request). All relevant
+ cookie and HTTP authentication headers must be included in the request.
+ Which other headers are required depends on the URIs involved.
+
+ <dl class=switch>
+ <dt>If both the URI of the document containing the hyperlink being audited
+ and the ping URI have the same <a href="#origin0">origin</a><!-- XXX
+ xref, and check that _URIs_ can have origins -->
+
+ <dd>The request must include a <code title="">Ping-From</code> HTTP header
+ with, as its value, the location of the document containing the
+ hyperlink, and a <code title="">Ping-To</code> HTTP header with, as its
+ value, the address of the target of the hyperlink. The request must not
+ include a <code title="">Referer</code> HTTP header.
+
+ <dt>Otherwise, if the origins are different, but the document containing
+ the hyperlink being audited was not retrieved over an encrypted
+ connection
+
+ <dd>The request must include a <code title="">Referer</code> HTTP header
+ [sic] with, as its value, the location of the document containing the
+ hyperlink, a <code title="">Ping-From</code> HTTP header with the same
+ value, and a <code title="">Ping-To</code> HTTP header with, as its
+ value, the address of the target of the hyperlink.
+
+ <dt>Otherwise, the origins are different and the document containing the
+ hyperlink being audited was retrieved over an encrypted connection
+
+ <dd>The request must a <code title="">Ping-To</code> HTTP header with, as
+ its value, the address of the target of the hyperlink. The request must
+ neither include a <code title="">Referer</code> HTTP header nor include a
+ <code title="">Ping-From</code> HTTP header.
+ </dl>
<p class=note>To save bandwidth, implementors might also wish to consider
omitting optional headers such as <code>Accept</code> from these requests.
View
53 source
@@ -29302,19 +29302,46 @@ interface <dfn>SQLStatementErrorCallback</dfn> {
URIs).</p>
<p>For URIs that are HTTP URIs, the requests must be performed using
- the POST method (with an empty entity body in the request). The
- request must include a <code title="">Referer</code> HTTP header
- with the exact value "<code title="">#PING</code>". All relevant
- cookie and HTTP authentication headers must be included in the
- request. In addition, if the document containing the hyperlink being
- audited was not retrieved over an encrypted connection, or if both
- the URI of that document <em>and</em> the ping URI have the same
- <span>origin</span><!-- XXX xref, and check that _URIs_ can have
- origins -->, then the request must also include a <code
- title="">Ping-From</code> HTTP header with, as its value, the
- location of the document containing the hyperlink, and a <code
- title="">Ping-To</code> HTTP header with, as its value, the address
- of the target of the hyperlink.</p>
+ the POST method (with an empty entity body in the request). All
+ relevant cookie and HTTP authentication headers must be included in
+ the request. Which other headers are required depends on the URIs
+ involved.</p>
+
+ <dl class="switch">
+
+ <dt>If both the URI of the document containing the hyperlink being
+ audited and the ping URI have the same <span>origin</span><!-- XXX
+ xref, and check that _URIs_ can have origins --></dt>
+
+ <dd>The request must include a <code title="">Ping-From</code> HTTP
+ header with, as its value, the location of the document containing
+ the hyperlink, and a <code title="">Ping-To</code> HTTP header
+ with, as its value, the address of the target of the hyperlink. The
+ request must not include a <code title="">Referer</code> HTTP
+ header.</dd>
+
+ <dt>Otherwise, if the origins are different, but the document
+ containing the hyperlink being audited was not retrieved over an
+ encrypted connection</dt>
+
+ <dd>The request must include a <code title="">Referer</code> HTTP
+ header [sic] with, as its value, the location of the document
+ containing the hyperlink, a <code title="">Ping-From</code> HTTP
+ header with the same value, and a <code title="">Ping-To</code>
+ HTTP header with, as its value, the address of the target of the
+ hyperlink.</dd>
+
+ <dt>Otherwise, the origins are different and the document
+ containing the hyperlink being audited was retrieved over an
+ encrypted connection</dt>
+
+ <dd>The request must a <code title="">Ping-To</code> HTTP header
+ with, as its value, the address of the target of the hyperlink. The
+ request must neither include a <code title="">Referer</code> HTTP
+ header nor include a <code title="">Ping-From</code> HTTP
+ header.</dd>
+
+ </dl>
<p class="note">To save bandwidth, implementors might also wish to
consider omitting optional headers such as <code>Accept</code> from

0 comments on commit 2b44075

Please sign in to comment.