Changeset 593 for draft-ietf-httpbis


Timestamp:
Jun 13, 2009, 12:12:22 AM (10 years ago)
Author:
julian.reschke@…
Message:

Allow Referer value of "about:blank" as alternative to not specifying it (related to #144)

Location:
draft-ietf-httpbis/latest
Files:
2 edited

  • draft-ietf-httpbis/latest/p2-semantics.html

    r591 r593  
    471471         <tr>
    472472            <td class="header left"></td>
    473             <td class="header right">June 4, 2009</td>
     473            <td class="header right">June 13, 2009</td>
    474474         </tr>
    475475      </table>
     
    15721572      <h2 id="rfc.section.9.6"><a href="#rfc.section.9.6">9.6</a>&nbsp;<a id="header.referer" href="#header.referer">Referer</a></h2>
    15731573      <p id="rfc.section.9.6.p.1">The request-header field "Referer" [sic] allows the client to specify, for the server's benefit, the address (URI) of the
    1574          resource from which the request-target was obtained (the "referrer", although the header field is misspelled.) The Referer
    1575          request-header allows a server to generate lists of back-links to resources for interest, logging, optimized caching, etc.
    1576          It also allows obsolete or mistyped links to be traced for maintenance. The Referer field <em class="bcp14">MUST NOT</em> be sent if the request-target was obtained from a source that does not have its own URI, such as input from the user keyboard.
     1574         resource from which the request-target was obtained (the "referrer", although the header field is misspelled.).
     1575      </p>
     1576      <p id="rfc.section.9.6.p.2">The Referer header allows servers to generate lists of back-links to resources for interest, logging, optimized caching, etc.
     1577         It also allows obsolete or mistyped links to be traced for maintenance. Some servers use Referer as a means of controlling
     1578         where they allow links from (so-called "deep linking"), but it should be noted that legitimate requests are not required to
     1579         contain a Referer header field.
     1580      </p>
     1581      <p id="rfc.section.9.6.p.3">If the request-target was obtained from a source that does not have its own URI (e.g., input from the user keyboard), the
     1582         Referer field MUST either be sent with the value "about:blank", or not be sent at all. Note that this requirement does not
     1583         apply to sources with non-HTTP URIs (e.g., FTP).
    15771584      </p>
    15781585      <div id="rfc.figure.u.20"></div><pre class="inline"><span id="rfc.iref.g.22"></span><span id="rfc.iref.g.23"></span>  <a href="#header.referer" class="smpl">Referer</a>        = "Referer" ":" <a href="#core.rules" class="smpl">OWS</a> <a href="#header.referer" class="smpl">Referer-v</a>
    15791586  <a href="#header.referer" class="smpl">Referer-v</a>      = <a href="#abnf.dependencies" class="smpl">absolute-URI</a> / <a href="#abnf.dependencies" class="smpl">partial-URI</a>
    1580 </pre><p id="rfc.section.9.6.p.3">Example:</p>
     1587</pre><p id="rfc.section.9.6.p.5">Example:</p>
    15811588      <div id="rfc.figure.u.21"></div><pre class="text">  Referer: http://www.example.org/hypertext/Overview.html
    1582 </pre><p id="rfc.section.9.6.p.5">If the field value is a relative URI, it <em class="bcp14">SHOULD</em> be interpreted relative to the request-target. The URI <em class="bcp14">MUST NOT</em> include a fragment. See <a href="#encoding.sensitive.information.in.uris" title="Encoding Sensitive Information in URIs">Section&nbsp;11.2</a> for security considerations.
     1589</pre><p id="rfc.section.9.6.p.7">If the field value is a relative URI, it <em class="bcp14">SHOULD</em> be interpreted relative to the request-target. The URI <em class="bcp14">MUST NOT</em> include a fragment. See <a href="#encoding.sensitive.information.in.uris" title="Encoding Sensitive Information in URIs">Section&nbsp;11.2</a> for security considerations.
    15831590      </p>
    15841591      <div id="rfc.iref.r.2"></div>
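Review bot: The new third paragraph (added lines 1581-1583) puts the "about:blank" requirement on the sender only, while the new second paragraph acknowledges that some servers use Referer to control where they allow links from. A server doing such checks gets no guidance on how to treat "about:blank"; consider stating that recipients should handle it the same as an absent Referer field, so the two permitted forms are not treated differently. The closing sentence about non-HTTP URIs (e.g., FTP) is also ambiguous: it can be read as exempting those sources from the rule, or as saying they count as sources with their own URI. A short rewording would settle which is meant.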
     
    22432250         as to when it would not be appropriate. (<a href="#header.location" id="rfc.xref.header.location.4" title="Location">Section&nbsp;9.4</a>)
    22442251      </p>
    2245       <p id="rfc.section.A.2.p.7">In the description of the Server header, the Via field was described as a SHOULD. The requirement was and is stated correctly
     2252      <p id="rfc.section.A.2.p.7">Allow Referer value of "about:blank" as alternative to not specifying it. (<a href="#header.referer" id="rfc.xref.header.referer.3" title="Referer">Section&nbsp;9.6</a>)
     2253      </p>
     2254      <p id="rfc.section.A.2.p.8">In the description of the Server header, the Via field was described as a SHOULD. The requirement was and is stated correctly
    22462255         in the description of the Via header in <a href="p1-messaging.html#header.via" title="Via">Section 8.9</a> of <a href="#Part1" id="rfc.xref.Part1.28"><cite title="HTTP/1.1, part 1: URIs, Connections, and Message Parsing">[Part1]</cite></a>. (<a href="#header.server" id="rfc.xref.header.server.4" title="Server">Section&nbsp;9.8</a>)
    22472256      </p>
     
    24812490      <p id="rfc.section.C.8.p.1">Closed issues: </p>
    24822491      <ul>
     2492         <li> &lt;<a href="http://tools.ietf.org/wg/httpbis/trac/ticket/144">http://tools.ietf.org/wg/httpbis/trac/ticket/144</a>&gt;: "Clarify when Referer is sent"
     2493         </li>
    24832494         <li> &lt;<a href="http://tools.ietf.org/wg/httpbis/trac/ticket/164">http://tools.ietf.org/wg/httpbis/trac/ticket/164</a>&gt;: "status codes vs methods"
    24842495         </li>
     
    26132624                        <li class="indline1">Location&nbsp;&nbsp;<a class="iref" href="#rfc.xref.header.location.1">5</a>, <a class="iref" href="#rfc.xref.header.location.2">7.5</a>, <a class="iref" href="#rfc.iref.h.5"><b>9.4</b></a>, <a class="iref" href="#rfc.xref.header.location.3">10.3</a>, <a class="iref" href="#rfc.xref.header.location.4">A.2</a></li>
    26142625                        <li class="indline1">Max-Forwards&nbsp;&nbsp;<a class="iref" href="#rfc.xref.header.max-forwards.1">3</a>, <a class="iref" href="#rfc.xref.header.max-forwards.2">7.8</a>, <a class="iref" href="#rfc.iref.h.6"><b>9.5</b></a>, <a class="iref" href="#rfc.xref.header.max-forwards.3">10.3</a></li>
    2615                         <li class="indline1">Referer&nbsp;&nbsp;<a class="iref" href="#rfc.xref.header.referer.1">3</a>, <a class="iref" href="#rfc.iref.h.7"><b>9.6</b></a>, <a class="iref" href="#rfc.xref.header.referer.2">10.3</a></li>
     2626                        <li class="indline1">Referer&nbsp;&nbsp;<a class="iref" href="#rfc.xref.header.referer.1">3</a>, <a class="iref" href="#rfc.iref.h.7"><b>9.6</b></a>, <a class="iref" href="#rfc.xref.header.referer.2">10.3</a>, <a class="iref" href="#rfc.xref.header.referer.3">A.2</a></li>
    26162627                        <li class="indline1">Retry-After&nbsp;&nbsp;<a class="iref" href="#rfc.xref.header.retry-after.1">5</a>, <a class="iref" href="#rfc.iref.h.8"><b>9.7</b></a>, <a class="iref" href="#rfc.xref.header.retry-after.2">10.3</a></li>
    26172628                        <li class="indline1">Server&nbsp;&nbsp;<a class="iref" href="#rfc.xref.header.server.1">5</a>, <a class="iref" href="#rfc.iref.h.9"><b>9.8</b></a>, <a class="iref" href="#rfc.xref.header.server.2">10.3</a>, <a class="iref" href="#rfc.xref.header.server.3">11.1</a>, <a class="iref" href="#rfc.xref.header.server.4">A.2</a></li>
     
    27102721            </li>
    27112722            <li class="indline0"><a id="rfc.index.R" href="#rfc.index.R"><b>R</b></a><ul class="ind">
    2712                   <li class="indline1">Referer header&nbsp;&nbsp;<a class="iref" href="#rfc.xref.header.referer.1">3</a>, <a class="iref" href="#rfc.iref.r.1"><b>9.6</b></a>, <a class="iref" href="#rfc.xref.header.referer.2">10.3</a></li>
     2723                  <li class="indline1">Referer header&nbsp;&nbsp;<a class="iref" href="#rfc.xref.header.referer.1">3</a>, <a class="iref" href="#rfc.iref.r.1"><b>9.6</b></a>, <a class="iref" href="#rfc.xref.header.referer.2">10.3</a>, <a class="iref" href="#rfc.xref.header.referer.3">A.2</a></li>
    27132724                  <li class="indline1">Retry-After header&nbsp;&nbsp;<a class="iref" href="#rfc.xref.header.retry-after.1">5</a>, <a class="iref" href="#rfc.iref.r.2"><b>9.7</b></a>, <a class="iref" href="#rfc.xref.header.retry-after.2">10.3</a></li>
    27142725                  <li class="indline1"><em>RFC1945</em>&nbsp;&nbsp;<a class="iref" href="#rfc.xref.RFC1945.1">8.3.3</a>, <a class="iref" href="#RFC1945"><b>13.2</b></a></li>
  • draft-ietf-httpbis/latest/p2-semantics.xml

    r591 r593  
    20482048  <x:anchor-alias value="Referer-v"/>
    20492049<t>
    2050    The request-header field "Referer" [sic] allows the client to specify,
    2051    for the server's benefit, the address (URI) of the resource from
    2052    which the request-target was obtained (the "referrer", although the
    2053    header field is misspelled.) The Referer request-header allows a
    2054    server to generate lists of back-links to resources for interest,
    2055    logging, optimized caching, etc. It also allows obsolete or mistyped
    2056    links to be traced for maintenance. The Referer field &MUST-NOT; be
    2057    sent if the request-target was obtained from a source that does not have
    2058    its own URI, such as input from the user keyboard.
     2050   The request-header field "Referer" [sic] allows the client to specify, for
     2051   the server's benefit, the address (URI) of the resource from which the
     2052   request-target was obtained (the "referrer", although the header field is
     2053   misspelled.).
     2054</t>
     2055<t>
     2056   The Referer header allows servers to generate lists of back-links to
     2057   resources for interest, logging, optimized caching, etc. It also allows
     2058   obsolete or mistyped links to be traced for maintenance. Some servers use
     2059   Referer as a means of controlling where they allow links from (so-called
     2060   "deep linking"), but it should be noted that legitimate requests are not
     2061   required to contain a Referer header field.
     2062</t>
     2063<t>
     2064   If the request-target was obtained from a source that does not have its own
     2065   URI (e.g., input from the user keyboard), the Referer field MUST either be
     2066   sent with the value "about:blank", or not be sent at all. Note that this
     2067   requirement does not apply to sources with non-HTTP URIs (e.g., FTP).
    20592068</t>
    20602069<figure><artwork type="abnf2616"><iref primary="true" item="Grammar" subitem="Referer"/><iref primary="true" item="Grammar" subitem="Referer-v"/>
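Review bot: In added lines 2065-2066 the keyword is written as a literal "MUST", whereas the removed text used the &MUST-NOT; entity, so the requirement loses its BCP 14 markup (the generated HTML shows a plain MUST where the old paragraph had <em class="bcp14">). Suggest writing the keyword in the entity form, as the removed lines did. Also, added line 2053 now ends with "misspelled.).", which leaves doubled punctuation after the sentence was split; drop one of the periods.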
     
    32103219</t>
    32113220<t>
     3221  Allow Referer value of "about:blank" as alternative to not specifying it.
     3222  (<xref target="header.referer"/>)
     3223</t>
     3224<t>
    32123225  In the description of the Server header, the Via field
    32133226  was described as a SHOULD. The requirement was and is stated
     
    35713584  <list style="symbols">
    35723585    <t>
     3586      <eref target="http://tools.ietf.org/wg/httpbis/trac/ticket/144"/>:
     3587      "Clarify when Referer is sent"
     3588    </t>
     3589    <t>
    35733590      <eref target="http://tools.ietf.org/wg/httpbis/trac/ticket/164"/>:
    35743591      "status codes vs methods"