Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP

Loading…

unsafeHeaders - "Referer" header problem in Firefox #149

Closed
mevers47 opened this Issue · 7 comments

3 participants

@mevers47

In "sinon/util/fake_xml_http_request.js" on line 32 (01b616d) unsafe headers are defined. Because firefox doesn't send the referrer by default it is added by Qooxdoo (a javascript framework I use) to make browser behavior consistent. See the Qooxdoo bug report for more details: http://bugzilla.qooxdoo.org/show_bug.cgi?id=6571

As explained there, webkit based browsers add the referrer when using the native XMLHttpRequest object. But as shown here: http://www.mercurytide.co.uk/whitepapers/issues-working-with-ajax/ Firefox behaves differently.

@cjohansen
Owner

So the problem is that Sinon isn't inconsistent in browsers like the native object is?

@mevers47

Exactly. I think in case of Firefox the header error should be ignored because it is allowed to be written.

@cjohansen
Owner

Is it enough to simply remove the Referer header from the unsafe header list, or will that cause problems in other browsers? I.e., are there other browsers that actually enforce Referer as an unsafe header?

@mevers47

From the Qooxdoo source (https://github.com/qooxdoo/qooxdoo/blob/3e8376d21ef7b6e78163c095e6cc67c4895b2305/framework/source/class/qx/io/remote/transport/XmlHttp.js#L324) the "if" statement and comment below implies that Webkit-based browsers show a "Refused to set unsafe header Referer" message. Therefore, I do not think removing it is correct.

@cjohansen
Owner

But then what I'm left with is a engine sniff? :/

@mroderick
Collaborator

The Qooxdoo ticket has been closed, as it's gone stale. I am closing this.

@mroderick mroderick closed this
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.