GM_xmlhttpRequest referer

108 views
Skip to first unread message

Gimmic

unread,
Nov 28, 2007, 6:01:38 PM11/28/07
to greasemonkey-dev
I've been working on a little script that has to send a request to a
specific page using GM_xmlhttpRequest, and while it seems to be
sending everything else, it is not sending the referer header
information. I have verified this with packet sniffing. I poked
around online quite a bit and didnt find much.

Is this a bug or is it by design? I have submitted a bug request @
https://www.mozdev.org/bugs/show_bug.cgi?id=18104

Thanks.

Anthony Lieuallen

unread,
Nov 28, 2007, 6:06:50 PM11/28/07
to greasemo...@googlegroups.com
On 11/28/2007 6:01 PM, Gimmic wrote:
> Is this a bug or is it by design?

It's not a bug. It's not strictly design. But it's definitely not
something that's trying to be done, but not working.

> I have submitted a bug request @

> https://www.mozdev.org/...

It's been a long time since that was the active bug tracker for GM. Use:

http://greasemonkey.devjavu.com/

Gimmic

unread,
Nov 29, 2007, 3:41:51 PM11/29/07
to greasemonkey-dev
Thanks for the more appropriate link. I've replicated the post there:
http://greasemonkey.devjavu.com/ticket/60

Heh, if it isnt by design and its not a bug it must be a 'feature'
right?
So I figured it might be 'by design' but I'm not too keen on something
protecting me from myself, and it just seems kind of silly to worry
about a couple of attributes that can be changed with other
utilities(such as Tamper Data).

At best it should be documented *somewhere*! I messed about for some
time thinking it was a problem with my script before actually looking
at what GM_xmlhttpreq was actually sending..

Anthony Lieuallen

unread,
Nov 29, 2007, 3:45:42 PM11/29/07
to greasemo...@googlegroups.com
On 11/29/2007 3:41 PM, Gimmic wrote:
> Heh, if it isnt by design and its not a bug it must be a 'feature'
> right?

What /is/ by design is that it is a wrapper around the full-blown
XMLHttpRequest object that chrome gets access to. With limitations on
what is possible, so that user scripts can't perform extremely unsafe
operations (like getting a file:/// URI).

Therefore, "by design", you can do only explicitly what it allows. Also
by design, it is not the regular XMLHttpRequest object, it does
more/other things.

If you don't like the documentation, good news, it's a wiki! You can
update it!

http://wiki.greasespot.net/

Gimmic

unread,
Nov 29, 2007, 8:52:35 PM11/29/07
to greasemonkey-dev

> What /is/ by design is that it is a wrapper around the full-blown
> XMLHttpRequest object that chrome gets access to. With limitations on
> what is possible, so that user scripts can't perform extremely unsafe
> operations (like getting a file:/// URI).

I understand that to an extent but since the user scripts are user
installed, I'm not sure I really like the scripting language
protecting me from myself. Maybe something like a "safe scripts/easy
mode or Advanced mode" option in GM would be nice..
Thanks for the explanation though, it makes sense.


> If you don't like the documentation, good news, it's a wiki! You can
> update it!
>
> http://wiki.greasespot.net/

Fair enough- Added a quick note.
Reply all
Reply to author
Forward
0 new messages