Skip to content
This repository

unsafeHeaders - "Referer" header problem in Firefox #149

Open
mevers47 opened this Issue June 27, 2012 · 6 comments

2 participants

mevers47 Christian Johansen
mevers47

In "sinon/util/fake_xml_http_request.js" on line 32 (01b616d) unsafe headers are defined. Because firefox doesn't send the referrer by default it is added by Qooxdoo (a javascript framework I use) to make browser behavior consistent. See the Qooxdoo bug report for more details: http://bugzilla.qooxdoo.org/show_bug.cgi?id=6571

As explained there, webkit based browsers add the referrer when using the native XMLHttpRequest object. But as shown here: http://www.mercurytide.co.uk/whitepapers/issues-working-with-ajax/ Firefox behaves differently.

Christian Johansen
Owner

So the problem is that Sinon isn't inconsistent in browsers like the native object is?

mevers47

Exactly. I think in case of Firefox the header error should be ignored because it is allowed to be written.

Christian Johansen
Owner

Is it enough to simply remove the Referer header from the unsafe header list, or will that cause problems in other browsers? I.e., are there other browsers that actually enforce Referer as an unsafe header?

mevers47

From the Qooxdoo source (https://github.com/qooxdoo/qooxdoo/blob/3e8376d21ef7b6e78163c095e6cc67c4895b2305/framework/source/class/qx/io/remote/transport/XmlHttp.js#L324) the "if" statement and comment below implies that Webkit-based browsers show a "Refused to set unsafe header Referer" message. Therefore, I do not think removing it is correct.

Christian Johansen
Owner

But then what I'm left with is a engine sniff? :/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.