This specification uses the link rel registry as defined by [[!HTML5]]
297 | for both HTML and HTTP link relations.
298 |
299 |
300 | Sending Webmentions
301 |
302 |
303 | Create a source document that mentions the target
304 |
305 | Webmentions are sent "from" a source URL "to" a target URL to notify the target that it has been mentioned at the source URL. Before a Webmention can be sent, there needs to be a source URL to send the Webmention "from", often a blog post but may be any type of content.
306 |
307 | For example, the URL at https://waterpigs.example/post-by-barnaby may contain the following HTML that has a link to Aaron's post.
308 | <!doctype html>
309 | <html>
310 | <body>
311 | <a href="https://aaronpk.example/post-by-aaron">This is a great post</a>
312 | </body>
313 | </html>
314 |
315 |
316 |
317 |
318 | Sender discovers receiver Webmention endpoint
319 |
320 | The sender MUST fetch the target URL (and follow redirects [[!FETCH]])
321 | and check for an HTTP Link header [[!RFC5988]]
322 | with a rel value of webmention. If the content type of the document
323 | is HTML, then the sender MUST look for an HTML <link> and
324 | <a> element with a rel value of webmention. If more than
325 | one of these is present, the first HTTP Link header takes precedence,
326 | followed by the first <link> or <a>
327 | element in document order. Senders MUST support all
328 | three options and fall back in this order.
329 |
330 | The endpoint MAY be a relative
331 | URL, in which case the sender MUST resolve it relative to the
332 | target URL according to [[!URL]].
333 |
334 | The endpoint MAY contain query string parameters, which MUST be
335 | preserved as query string parameters and MUST NOT be sent as POST body
336 | parameters when sending the Webmention request.
337 |
338 | Senders MAY initially make an HTTP HEAD request [[!RFC7231]] to
339 | check for the Link header before making a GET request.
340 |
341 | GET /post-by-aaron HTTP/1.1
342 | Host: aaronpk.example
343 | HTTP/1.1 200 OK
344 | Link: <http://aaronpk.example/webmention-endpoint>; rel="webmention"
345 |
346 | <html>
347 | <head>
348 | ...
349 | <link href="http://aaronpk.example/webmention-endpoint" rel="webmention" />
350 | ...
351 | </head>
352 | <body>
353 | ....
354 | <a href="http://aaronpk.example/webmention-endpoint" rel="webmention">webmention</a>
355 | ...
356 | </body>
357 | </html>
358 |
359 | Senders MAY customize the HTTP User Agent [[RFC7231]] used when fetching the target URL
360 | in order to indicate to the recipient that this request is made as part of Webmention discovery.
361 | In this case, it is recommended to include the string "Webmention" in the User Agent. This
362 | provides people with a pointer to find out why the discovery request was made.
363 |
364 |
365 |
366 | Sender notifies receiver
367 |
368 | The sender MUST post x-www-form-urlencoded [[!HTML5]] source and
369 | target parameters to the Webmention endpoint, where
370 | source is the URL of the sender's page containing a link,
371 | and target is the URL of the page being linked to.
372 |
373 | Note that if the Webmention endpoint URL contains query string parameters,
374 | the query string parameters MUST be preserved, and MUST NOT be sent in the
375 | POST body.
376 |
377 | The Webmention endpoint will validate and process the request, and
378 | return an HTTP status code [[!RFC7231]]. Most often, 202 Accepted
379 | or 201 Created will be returned, indicating that the
380 | request is queued and being processed asynchronously to prevent
381 | DoS attacks. If the response code is 201, the Location
382 | header will include a URL that can be used to monitor the
383 | status of the request.
384 |
385 | Any 2xx response code MUST be considered a success.
386 |
387 | POST /webmention-endpoint HTTP/1.1
388 | Host: aaronpk.example
389 | Content-Type: application/x-www-form-urlencoded
390 |
391 | source=https://waterpigs.example/post-by-barnaby&
392 | target=https://aaronpk.example/post-by-aaron
393 |
394 |
395 | HTTP/1.1 202 Accepted
396 |
397 |
398 |
399 | Sending Webmentions for updated posts
400 |
401 | If the source URL was updated, the sender SHOULD re-send any previously sent Webmentions,
402 | (including re-sending a Webmention to a URL that may have been removed from the document),
403 | and SHOULD send Webmentions for any new links that appear at the URL.
404 |
405 | This allows the recipients of Webmentions to update their display of the source document,
406 | or otherwise notify the recipient that a post that mentioned one of their URLs was updated.
407 |
408 | When sending a Webmention when a post is updated, the sender MUST re-discover the Webmention endpoint of each target URL, in case the target has updated their Webmention endpoint.
409 |
410 | If a response to the source URL is shown on the source URL page (e.g. as a comment), then sender SHOULD treat that as an update of the source URL and re-send any previously sent Webmentions.
411 |
412 |
413 | Sending Webmentions for deleted posts
414 |
415 | If the source URL was deleted, the sender SHOULD return an HTTP 410 Gone
416 | status code for the URL, and SHOULD display a "tombstone" representation of
417 | the deleted post, typically by blanking out the values of any properties in the post, and/or
418 | replacing the primary content of the post (e.g. the name and/or content of [[h-entry]])
419 | with "Deleted". The sender SHOULD then re-send Webmentions for every previously sent
420 | Webmention for that document.
421 |
422 | This allows receivers which may have displayed a previously received Webmention
423 | as a comment or other interaction to remove it from view if they support deletes, while
424 | providing a reasonable fallback for receivers which only support updates.
425 |
426 |
427 |
428 |
429 | Receiving Webmentions
430 |
431 | Upon receipt of a POST request containing the source and
432 | target parameters, the receiver SHOULD verify the parameters
433 | (see Request Verification below) and then
434 | SHOULD queue and process the request asynchronously, prevent DoS attacks.
435 | There are three possible responses to the request, depending on how the receiver
436 | processes it.
437 |
438 | If the receiver creates a status page which the sender can use to
439 | check the status, the receiver MUST reply with an HTTP 201 Created
440 | response with a Location header pointing to the status
441 | URL. The response body MAY contain content.
442 |
443 | HTTP/1.1 201 Created
444 | Location: http://aaronpk.example/webmention/DEhB9Jme
445 |
446 | If the receiver processes the request asynchronously but does not
447 | return a status URL, the receiver MUST reply with an HTTP 202 Accepted
448 | response. The response body MAY contain content, in which case a
449 | human-readable response is recommended.
450 |
451 | HTTP/1.1 202 Accepted
452 |
453 | If the receiver chooses to process the request and perform the
454 | verification step synchronously (not recommended), it MUST respond
455 | with a 200 OK status on success.
456 |
457 |
458 | Request Verification
459 |
460 | The receiver MUST check that source and target are valid URLs [[!URL]]
461 | and are of schemes that are supported by the receiver. (Most
462 | commonly this means checking that the source and target
463 | schemes are http or https).
464 |
465 | The receiver MUST reject the request if the source URL is the same as the target URL.
466 |
467 | The receiver SHOULD check that target is a valid resource for which
468 | it can accept Webmentions. This check SHOULD happen
469 | synchronously to reject invalid Webmentions before more in-depth
470 | verification begins. What a 'valid resource' means is up to the receiver. For example,
471 | some receivers may accept Webmentions for multiple domains, others may accept
472 | Webmentions for only the same domain the endpoint is on.
473 |
474 | Note that a target URL may contain a fragment identifier, and if the
475 | receiver limits which URLs can receive Webmentions, the fragment SHOULD be
476 | ignored when checking if the URL is supported.
477 |
478 |
479 |
480 | Webmention Verification
481 |
482 | Webmention verification SHOULD be handled asynchronously to
483 | prevent DoS attacks.
484 |
485 | If the receiver is going to use the Webmention in some way,
486 | (displaying it as a comment on a post, incrementing a "like"
487 | counter, notifying the author of a post), then it MUST perform an
488 | HTTP GET request on source, following any HTTP redirects (and SHOULD
489 | limit the number of redirects it follows) to confirm that it actually
490 | mentions the target. The receiver SHOULD include an HTTP Accept header
491 | indicating its preference of content types that are acceptable.
492 |
493 | The receiver SHOULD use per-media-type rules to determine whether
494 | the source document mentions the target URL. For example, in an
495 | [[HTML5]] document, the receiver should look for <a href="*">,
496 | <img href="*">, <video src="*">
497 | and other similar links. In a [[JSON]] document, the receiver should
498 | look for properties whose values are an exact match for the URL.
499 | If the document is plain text, the receiver should look for the URL
500 | by searching for the string. Other content types may be handled at
501 | the implementer's discretion. The source document MUST have an exact
502 | match of the target URL provided in order for it to be considered a
503 | valid Webmention.
504 |
505 | At this point, the receiver MAY publish content from the source page
506 | on the target page or other pages, along with any other data it picks
507 | up from the source. For example, the receiver may display the
508 | contents of the source as a comment on the post, or may display the author's
509 | profile photo in a list of others who have sent similar Webmentions, e.g.
510 | showing a list of people who have all "liked" a post.
511 |
512 |
513 |
514 | Error Responses
515 |
516 | If the Webmention was not successful because of something the
517 | sender did, it MUST return a 400 Bad Request
518 | status code and MAY include a description of the error in the response body.
519 |
520 | Possible sender-related errors that can be returned synchronously
521 | before making a GET request to the source:
522 |
523 |
524 | - Specified
target URL not found.
525 | - Specified
target URL does not accept Webmentions.
526 | source URL was malformed or is not a supported URL scheme (e.g. a mailto: link)
528 |
529 |
530 | Possible sender-related errors that can occur after fetching the
531 | contents of the source URL:
532 |
533 |
534 | source URL not found.source URL does not contain a link to the target URL.
537 |
538 |
539 | If the Webmention was not successful because of an error on
540 | the receiver's server, it SHOULD return a 500 Internal Server Error
541 | status code and MAY include a description of the error in the response body.
542 |
543 |
544 |
545 |
546 | Updating existing Webmentions
547 |
548 | If receiver had received a Webmention in the past with the same
549 | source and target then,
550 |
551 |
552 | -
553 | If both the verification steps are successful, it SHOULD update any existing data it picked from
source for the existing Webmention.
554 |
555 | -
556 | When a Webmention implementation does support updating (i.e., a "Webmention update implementation"), it MUST support updating data from properties of the primary object of the source. (e.g. properties of the [[h-entry]] of the page).
557 |
558 | -
559 | A Webmention update implementation MAY support updating data from children, or other descendant objects of the primary object (e.g. a comment h-entry inside the h-entry of the page). Note: Implementations that support this may wish to consider supporting it according to the [[Salmention]] extension.
560 |
561 |
562 |
563 |
564 |
565 |
566 | - If it received a
410 Gone status code on step 2 (performing a GET request on source), or received a 200 OK status code and does not find a mention of target on source, it SHOULD delete the existing Webmention, or mark it as deleted.
567 |
568 | - Processing Webmentions SHOULD be idempotent. That is, receiving multiple Webmentions for the same
source and target with no content changes should not show as multiple replies.
569 |
570 |
571 |
572 |
573 |
574 |