Is this behavior with the referrer when sending a XMLHttpRequest in Brave intended?

597 views Asked by At
var xhr = new XMLHttpRequest();

xhr.open('GET', 'https://httpbin.org', true);
xhr.send();

When running this simple code above from example.org, request headers in Chrome devtools shows this:

Host:httpbin.org
Origin:http://example.org
Referer:http://example.org

When running the same code in Brave, I get this:

Host:httpbin.org
Origin:https://example.org
Referer:https://httpbin.org

I feel that that the referrer being the same that that the host is a bug, but maybe I'm missing something. Should I report this?

1

There are 1 answers

1
clemlatz On BEST ANSWER

This behavior is intended.

We spoof cross-origin referer when '3rd party cookie block' is on.

Source