[g] (2) Let's try a new strategy for ping=''.

git-svn-id: http://svn.whatwg.org/webapps@1235 340c8d12-0b0e-0410-8428-c7bf67bfef74
whatwg · Feb 20, 2008 · 2b44075 · 2b44075
1 parent 813b44f
commit 2b44075
Show file tree

Hide file tree

Showing 2 changed files with 73 additions and 26 deletions.
diff --git a/index b/index
@@ -31757,19 +31757,39 @@ interface <dfn id=sqlstatementerrorcallback>SQLStatementErrorCallback</dfn> {
    third-party URIs).
 
   <p>For URIs that are HTTP URIs, the requests must be performed using the
-   POST method (with an empty entity body in the request). The request must
-   include a <code title="">Referer</code> HTTP header with the exact value
-   "<code title="">#PING</code>". All relevant cookie and HTTP authentication
-   headers must be included in the request. In addition, if the document
-   containing the hyperlink being audited was not retrieved over an encrypted
-   connection, or if both the URI of that document <em>and</em> the ping URI
-   have the same <a
-   href="#origin0">origin</a><!-- XXX xref, and check that _URIs_ can have
-  origins -->,
-   then the request must also include a <code title="">Ping-From</code> HTTP
-   header with, as its value, the location of the document containing the
-   hyperlink, and a <code title="">Ping-To</code> HTTP header with, as its
-   value, the address of the target of the hyperlink.
+   POST method (with an empty entity body in the request). All relevant
+   cookie and HTTP authentication headers must be included in the request.
+   Which other headers are required depends on the URIs involved.
+
+  <dl class=switch>
+   <dt>If both the URI of the document containing the hyperlink being audited
+    and the ping URI have the same <a href="#origin0">origin</a><!-- XXX
+   xref, and check that _URIs_ can have origins -->
+
+   <dd>The request must include a <code title="">Ping-From</code> HTTP header
+    with, as its value, the location of the document containing the
+    hyperlink, and a <code title="">Ping-To</code> HTTP header with, as its
+    value, the address of the target of the hyperlink. The request must not
+    include a <code title="">Referer</code> HTTP header.
+
+   <dt>Otherwise, if the origins are different, but the document containing
+    the hyperlink being audited was not retrieved over an encrypted
+    connection
+
+   <dd>The request must include a <code title="">Referer</code> HTTP header
+    [sic] with, as its value, the location of the document containing the
+    hyperlink, a <code title="">Ping-From</code> HTTP header with the same
+    value, and a <code title="">Ping-To</code> HTTP header with, as its
+    value, the address of the target of the hyperlink.
+
+   <dt>Otherwise, the origins are different and the document containing the
+    hyperlink being audited was retrieved over an encrypted connection
+
+   <dd>The request must a <code title="">Ping-To</code> HTTP header with, as
+    its value, the address of the target of the hyperlink. The request must
+    neither include a <code title="">Referer</code> HTTP header nor include a
+    <code title="">Ping-From</code> HTTP header.
+  </dl>
 
   <p class=note>To save bandwidth, implementors might also wish to consider
    omitting optional headers such as <code>Accept</code> from these requests.

diff --git a/source b/source
@@ -29302,19 +29302,46 @@ interface <dfn>SQLStatementErrorCallback</dfn> {
   URIs).</p>
 
   <p>For URIs that are HTTP URIs, the requests must be performed using
-  the POST method (with an empty entity body in the request). The
-  request must include a <code title="">Referer</code> HTTP header
-  with the exact value "<code title="">#PING</code>".  All relevant
-  cookie and HTTP authentication headers must be included in the
-  request. In addition, if the document containing the hyperlink being
-  audited was not retrieved over an encrypted connection, or if both
-  the URI of that document <em>and</em> the ping URI have the same
-  <span>origin</span><!-- XXX xref, and check that _URIs_ can have
-  origins -->, then the request must also include a <code
-  title="">Ping-From</code> HTTP header with, as its value, the
-  location of the document containing the hyperlink, and a <code
-  title="">Ping-To</code> HTTP header with, as its value, the address
-  of the target of the hyperlink.</p>
+  the POST method (with an empty entity body in the request). All
+  relevant cookie and HTTP authentication headers must be included in
+  the request. Which other headers are required depends on the URIs
+  involved.</p>
+
+  <dl class="switch">
+
+   <dt>If both the URI of the document containing the hyperlink being
+   audited and the ping URI have the same <span>origin</span><!-- XXX
+   xref, and check that _URIs_ can have origins --></dt>
+
+   <dd>The request must include a <code title="">Ping-From</code> HTTP
+   header with, as its value, the location of the document containing
+   the hyperlink, and a <code title="">Ping-To</code> HTTP header
+   with, as its value, the address of the target of the hyperlink. The
+   request must not include a <code title="">Referer</code> HTTP
+   header.</dd>
+
+   <dt>Otherwise, if the origins are different, but the document
+   containing the hyperlink being audited was not retrieved over an
+   encrypted connection</dt>
+
+   <dd>The request must include a <code title="">Referer</code> HTTP
+   header [sic] with, as its value, the location of the document
+   containing the hyperlink, a <code title="">Ping-From</code> HTTP
+   header with the same value, and a <code title="">Ping-To</code>
+   HTTP header with, as its value, the address of the target of the
+   hyperlink.</dd>
+
+   <dt>Otherwise, the origins are different and the document
+   containing the hyperlink being audited was retrieved over an
+   encrypted connection</dt>
+
+   <dd>The request must a <code title="">Ping-To</code> HTTP header
+   with, as its value, the address of the target of the hyperlink. The
+   request must neither include a <code title="">Referer</code> HTTP
+   header nor include a <code title="">Ping-From</code> HTTP
+   header.</dd>
+
+  </dl>
 
   <p class="note">To save bandwidth, implementors might also wish to
   consider omitting optional headers such as <code>Accept</code> from