On Sat, Jul 7, 2012 at 3:11 AM, Anne van Kesteren <[email protected]> wrote: > On Fri, Jul 6, 2012 at 11:30 PM, Jonas Sicking <[email protected]> wrote: >> It's currently not specified what the 'referer' request header should >> be set to when making requests using XMLHttpRequest. For example if an >> XHR object is created by one document, and then passes the object to a >> second document which calls xhr.open. Or if a page creates a XHR >> object and then calls history.pushState some time before xhr.send is >> called. > > It is defined actually to be the entry's script document address. The > fetch algorithm sets the referer header. (We discussed this before > somewhere.)
What is the reason for this? This seems less consistent than using the same document as we use for things like same-origin checks and resolving relative urls. In general, we've been trying to move away from using the "entry script" in Gecko for things since it basically amounts to using a global variable which tends to be a source of bugs and unexpected behavior. / Jonas
