- From: Andrew Betts <notifications@github.com>
- Date: Wed, 31 Dec 2014 05:38:02 -0800
- To: slightlyoff/ServiceWorker <ServiceWorker@noreply.github.com>
- Message-ID: <slightlyoff/ServiceWorker/issues/596@github.com>

When I make a cross-origin GET request from Chrome 41 (canary) using XHR, adding a custom `Authorization` header, the following preflight request is emitted (some headers omitted):

```
OPTIONS /todos/?_nonce=CQIT0WsDcnPh779g HTTP/1.1
Access-Control-Request-Method: GET
Origin: http://localhost:8003
Access-Control-Request-Headers: authorization
Referer: http://localhost:8003/
```

However, when I intercept the GET request in a serviceworker, and attempt to make an identical fetch, the following is emitted:

```
OPTIONS /todos/?_nonce=CQIT0WsDcnPh779g HTTP/1.1
Access-Control-Request-Method: GET
Origin: http://localhost:8003
Access-Control-Request-Headers: referer, authorization
Referer: http://localhost:8003/
```

Neither my serviceworker nor the page code is setting a custom value for referer. Unfortunately, the presence of referer here is causing the OPTIONS request to be refused by the service provider I'm trying to talk to.

My theory is that the internal implementation of SW is setting the referrer to the SW script URL and that's then causing the browser to consider it a custom header and add it accordingly to the `Access-Control-Request-Headers` list.

Wondering if this should be considered a bug in SW.

---
Reply to this email directly or view it on GitHub:
https://github.com/slightlyoff/ServiceWorker/issues/596

Received on Wednesday, 31 December 2014 13:38:29 UTC