HTML Standard Tracker

Filter

File a bug

SVNBugCommentTime (UTC)
1235[Gecko] Let's try a new strategy for ping=''.2008-02-20 19:26
@@ -29295,33 +29295,60 @@ interface <dfn>SQLStatementErrorCallback</dfn> {
 
   <p>User agents should allow the user to adjust this behaviour, for
   example in conjunction with a setting that disables the sending of
   HTTP <code title="">Referer</code> headers. Based on the user's
   preferences, UAs may either <span>ignore</span> the <code
   title="attr-hyperlink-ping">ping</code> attribute altogether, or
   selectively ignore URIs in the list (e.g. ignoring any third-party
   URIs).</p>
 
   <p>For URIs that are HTTP URIs, the requests must be performed using
-  the POST method (with an empty entity body in the request). The
-  request must include a <code title="">Referer</code> HTTP header
-  with the exact value "<code title="">#PING</code>".  All relevant
-  cookie and HTTP authentication headers must be included in the
-  request. In addition, if the document containing the hyperlink being
-  audited was not retrieved over an encrypted connection, or if both
-  the URI of that document <em>and</em> the ping URI have the same
-  <span>origin</span><!-- XXX xref, and check that _URIs_ can have
-  origins -->, then the request must also include a <code
-  title="">Ping-From</code> HTTP header with, as its value, the
-  location of the document containing the hyperlink, and a <code
-  title="">Ping-To</code> HTTP header with, as its value, the address
-  of the target of the hyperlink.</p>
+  the POST method (with an empty entity body in the request). All
+  relevant cookie and HTTP authentication headers must be included in
+  the request. Which other headers are required depends on the URIs
+  involved.</p>
+
+  <dl class="switch">
+
+   <dt>If both the URI of the document containing the hyperlink being
+   audited and the ping URI have the same <span>origin</span><!-- XXX
+   xref, and check that _URIs_ can have origins --></dt>
+
+   <dd>The request must include a <code title="">Ping-From</code> HTTP
+   header with, as its value, the location of the document containing
+   the hyperlink, and a <code title="">Ping-To</code> HTTP header
+   with, as its value, the address of the target of the hyperlink. The
+   request must not include a <code title="">Referer</code> HTTP
+   header.</dd>
+
+   <dt>Otherwise, if the origins are different, but the document
+   containing the hyperlink being audited was not retrieved over an
+   encrypted connection</dt>
+
+   <dd>The request must include a <code title="">Referer</code> HTTP
+   header [sic] with, as its value, the location of the document
+   containing the hyperlink, a <code title="">Ping-From</code> HTTP
+   header with the same value, and a <code title="">Ping-To</code>
+   HTTP header with, as its value, the address of the target of the
+   hyperlink.</dd>
+
+   <dt>Otherwise, the origins are different and the document
+   containing the hyperlink being audited was retrieved over an
+   encrypted connection</dt>
+
+   <dd>The request must a <code title="">Ping-To</code> HTTP header
+   with, as its value, the address of the target of the hyperlink. The
+   request must neither include a <code title="">Referer</code> HTTP
+   header nor include a <code title="">Ping-From</code> HTTP
+   header.</dd>
+
+  </dl>
 
   <p class="note">To save bandwidth, implementors might also wish to
   consider omitting optional headers such as <code>Accept</code> from
   these requests.</p>
 
   <p>User agents must ignore any entity bodies returned in the
   responses, but must, unless otherwise specified by the user, honor
   the HTTP headers (including, in particular, redirects and HTTP
   cookie headers). <a href="#refsRFC2965">[RFC2965]</a></p>
 

|