W3C home > Mailing lists > Public > public-webapps@w3.org > July to September 2012

Re: [XHR] What referrer to use when making requests

From: Jonas Sicking <jonas@sicking.cc>
Date: Sat, 7 Jul 2012 19:54:02 -0700
Message-ID: <CA+c2ei-j0T=0gTCv3uNNz3-WjALb+Q+67WAN7KmWy6kz6HJq+w@mail.gmail.com>
To: Anne van Kesteren <annevk@annevk.nl>
Cc: Webapps WG <public-webapps@w3.org>
On Sat, Jul 7, 2012 at 3:11 AM, Anne van Kesteren <annevk@annevk.nl> wrote:
> On Fri, Jul 6, 2012 at 11:30 PM, Jonas Sicking <jonas@sicking.cc> wrote:
>> It's currently not specified what the 'referer' request header should
>> be set to when making requests using XMLHttpRequest. For example if an
>> XHR object is created by one document, and then passes the object to a
>> second document which calls xhr.open. Or if a page creates a XHR
>> object and then calls history.pushState some time before xhr.send is
>> called.
>
> It is defined actually to be the entry's script document address. The
> fetch algorithm sets the referer header. (We discussed this before
> somewhere.)

What is the reason for this? This seems less consistent than using the
same document as we use for things like same-origin checks and
resolving relative urls. In general, we've been trying to move away
from using the "entry script" in Gecko for things since it basically
amounts to using a global variable which tends to be a source of bugs
and unexpected behavior.

/ Jonas
Received on Sunday, 8 July 2012 02:55:00 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:53 GMT