[wp-trac] [WordPress Trac] #14971: X-Pingback header set when no pingbacks accepted

WordPress Trac wp-trac at lists.automattic.com
Mon Sep 27 17:17:22 UTC 2010

#14971: X-Pingback header set when no pingbacks accepted
 Reporter:  niallkennedy      |       Owner:                 
     Type:  enhancement       |      Status:  new            
 Priority:  normal            |   Milestone:  Awaiting Review
Component:  Pings/Trackbacks  |     Version:                 
 Severity:  normal            |    Keywords:  has-patch      

Comment(by niallkennedy):

 Replying to [comment:1 filosofo]:

 > I'm not sure about this.  Wouldn't it be better to respond according to
 the [http://www.hixie.ch/specs/pingback/pingback#return spec] with an
 error code 49, "Access Denied"? (I have no idea what it currently does.)
 > It's not that the XMLRPC server resource doesn't exist; it's that
 pingbacks aren't allowed.  Having an accurate error response would be more
 helpful for the pinging client, because then it knows that there is a
 policy preventing pingbacks and not just that it has the wrong location or
 there is a temporary resource failure.

 Should a include a stylesheet it knows will 404? A pingback advertised on
 a non pingback-enabled resource is setting up an additional client-server
 roundtrip we know will fail.

   A pingback-enabled resource MUST either be served with an X-Pingback
 HTTP header or contain a <link> element, or both.

 I believe a blog with default ping status set to off, and all posts set to
 off is not pingback-enabled. Similarly, a post with ping status set to off
 is not pingback-enabled.

 The discovery process described in the spec:

  1. Look for X-Pingback header
  1. If none, look for link rel=pingback URI
  1. If none, this resource does not support pingback

 We are trying to deliver the "resource does not support pingback"
 response. Not advertising the pingback endpoint in HTTP headers or in
 <link> meets that requirement. An XML-RPC response from the pingback
 server also satisfies, and should be in place just in case the endpoint is
 queried for the target URI. Seems best to remove the resource's external
 link you know will fail.

 > Also, the X-Pingback header is only one way of providing server auto-
 discovery; the other is the `<link>` HTML head element, which is baked
 into many WP themes.

   HTML and XHTML documents MAY include a <link> element in addition to an
 HTTP header, although this is discouraged.

 The spec discourages use of both the HTTP header and link rel=pingback.

Ticket URL: <http://core.trac.wordpress.org/ticket/14971#comment:3>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list