content/base/test/test_xhr_forbidden_headers.html
author Alexandre D'Eschambeault <xel1045@gmail.com>
Mon, 13 Aug 2012 22:47:19 -0400
changeset 102322 3b7250c5316a60b2442d76b666bd6362ee8d5bd0
parent 90703 7fde5b6ebd13e413a244f12b50e9119c55cbd0b7
child 107902 a8583bee3c377dd9878dca774d3ff01adcbea3c5
permissions -rw-r--r--
Bug 751452 - Prevent DNT modification in unprivileged mode + test case. r=khuey

<!DOCTYPE HTML>
<html>
<!--
https://bugzilla.mozilla.org/show_bug.cgi?id=308484
-->
<head>
  <title>Test for Bug 308484</title>
  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>        
  <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
</head>
<body>
<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=308484">Mozilla Bug 308484</a>
<p id="display"></p>
<div id="content" style="display: none">
  
</div>
<pre id="test">
<script class="testbody" type="text/javascript">

/** Test for Bug 308484 **/

var headers = [
  "aCCept-chaRset",
  "acCePt-eNcoDing",
  "aCcEsS-cOnTrOl-ReQuEsT-mEtHoD",
  "aCcEsS-cOnTrOl-ReQuEsT-hEaDeRs",
  "coNnEctIon",
  "coNtEnt-LEngth",
  "CoOKIe",
  "cOOkiE2",
  "cOntEnt-tRAnsFer-enCoDiNg",
  "DATE",
  "dNT",
  "exPeCt",
  "hOSt",
  "keep-alive",
  "oRiGiN",
  "reFERer",
  "te",
  "trAiLer",
  "trANsfEr-eNcoDiNg",
  "uPGraDe",
  "user-AGENT",
  "viA",
  "pRoxy-",
  "sEc-",
  "proxy-fOobar",
  "sec-bAZbOx"
];
var i, request;

// Try setting headers in unprivileged context
request = new XMLHttpRequest();
request.open("GET", window.location.href);
for (i = 0; i < headers.length; i++)
  request.setRequestHeader(headers[i], "test" + i);

// Read out headers
var channel = SpecialPowers.wrap(request).channel.QueryInterface(Components.interfaces.nsIHttpChannel);
for (i = 0; i < headers.length; i++) {
  // Retrieving Content-Length will throw an exception
  var value = null;
  try {
    value = channel.getRequestHeader(headers[i]);
  }
  catch(e) {}

  isnot(value, "test" + i, "Setting " + headers[i] + " header in unprivileged context");
}

// Try setting headers in privileged context
netscape.security.PrivilegeManager.enablePrivilege("UniversalXPConnect");
request = new XMLHttpRequest();
request.open("GET", window.location.href);
for (i = 0; i < headers.length; i++)
  request.setRequestHeader(headers[i], "test" + i);

// Read out headers
var channel = SpecialPowers.wrap(request).channel.QueryInterface(Components.interfaces.nsIHttpChannel);
for (i = 0; i < headers.length; i++) {
  var value = channel.getRequestHeader(headers[i]);
  is(value, "test" + i, "Setting " + headers[i] + " header in privileged context");
}
</script>
</pre>
</body>
</html>