Skip to content


unsafeHeaders - "Referer" header problem in Firefox #149

mevers47 opened this Issue · 7 comments

3 participants


In "sinon/util/fake_xml_http_request.js" on line 32 (01b616d) unsafe headers are defined. Because firefox doesn't send the referrer by default it is added by Qooxdoo (a javascript framework I use) to make browser behavior consistent. See the Qooxdoo bug report for more details:

As explained there, webkit based browsers add the referrer when using the native XMLHttpRequest object. But as shown here: Firefox behaves differently.


So the problem is that Sinon isn't inconsistent in browsers like the native object is?


Exactly. I think in case of Firefox the header error should be ignored because it is allowed to be written.


Is it enough to simply remove the Referer header from the unsafe header list, or will that cause problems in other browsers? I.e., are there other browsers that actually enforce Referer as an unsafe header?


From the Qooxdoo source ( the "if" statement and comment below implies that Webkit-based browsers show a "Refused to set unsafe header Referer" message. Therefore, I do not think removing it is correct.


But then what I'm left with is a engine sniff? :/


The Qooxdoo ticket has been closed, as it's gone stale. I am closing this.

@mroderick mroderick closed this
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Something went wrong with that request. Please try again.