- From: Jonas Sicking <jonas@sicking.cc>
- Date: Sat, 7 Jul 2012 19:54:02 -0700
- To: Anne van Kesteren <annevk@annevk.nl>
- Cc: Webapps WG <public-webapps@w3.org>
On Sat, Jul 7, 2012 at 3:11 AM, Anne van Kesteren <annevk@annevk.nl> wrote: > On Fri, Jul 6, 2012 at 11:30 PM, Jonas Sicking <jonas@sicking.cc> wrote: >> It's currently not specified what the 'referer' request header should >> be set to when making requests using XMLHttpRequest. For example if an >> XHR object is created by one document, and then passes the object to a >> second document which calls xhr.open. Or if a page creates a XHR >> object and then calls history.pushState some time before xhr.send is >> called. > > It is defined actually to be the entry's script document address. The > fetch algorithm sets the referer header. (We discussed this before > somewhere.) What is the reason for this? This seems less consistent than using the same document as we use for things like same-origin checks and resolving relative urls. In general, we've been trying to move away from using the "entry script" in Gecko for things since it basically amounts to using a global variable which tends to be a source of bugs and unexpected behavior. / Jonas
Received on Sunday, 8 July 2012 02:55:00 UTC