Bug 751452 - Prevent DNT modification in unprivileged mode + test case. r=khuey
authorAlexandre D'Eschambeault <xel1045@gmail.com>
Mon, 13 Aug 2012 22:47:19 -0400
changeset 102322 3b7250c5316a60b2442d76b666bd6362ee8d5bd0
parent 102321 1230521b11d32352d89f2da2bde168bde56f428b
child 102323 4387edee40991a1323af0f472ab62bb9907760f2
push id13419
push userryanvm@gmail.com
push dateWed, 15 Aug 2012 00:47:31 +0000
reviewerskhuey
bugs751452
milestone17.0a1
Bug 751452 - Prevent DNT modification in unprivileged mode + test case. r=khuey
content/base/src/nsXMLHttpRequest.cpp
content/base/test/test_xhr_forbidden_headers.html
--- a/content/base/src/nsXMLHttpRequest.cpp
+++ b/content/base/src/nsXMLHttpRequest.cpp
@@ -3219,18 +3219,18 @@ nsXMLHttpRequest::SetRequestHeader(const
   if (NS_FAILED(IsCapabilityEnabled("UniversalXPConnect", &privileged)))
     return NS_ERROR_FAILURE;
 
   if (!privileged) {
     // Step 5: Check for dangerous headers.
     const char *kInvalidHeaders[] = {
       "accept-charset", "accept-encoding", "access-control-request-headers",
       "access-control-request-method", "connection", "content-length",
-      "cookie", "cookie2", "content-transfer-encoding", "date", "expect",
-      "host", "keep-alive", "origin", "referer", "te", "trailer",
+      "cookie", "cookie2", "content-transfer-encoding", "date", "dnt",
+      "expect", "host", "keep-alive", "origin", "referer", "te", "trailer",
       "transfer-encoding", "upgrade", "user-agent", "via"
     };
     PRUint32 i;
     for (i = 0; i < ArrayLength(kInvalidHeaders); ++i) {
       if (header.LowerCaseEqualsASCII(kInvalidHeaders[i])) {
         NS_WARNING("refusing to set request header");
         return NS_OK;
       }
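Review bot: The `// Step 5: Check for dangerous headers.` comment above `kInvalidHeaders` does not say why `"dnt"` belongs in the list, and unlike the transport-level headers around it the reason is not obvious from the name. DNT carries the user's tracking preference, so unprivileged page script should not be able to set or override it; a short comment such as `// "dnt" reflects a user preference, so content must not set it; keep in sync with test_xhr_forbidden_headers.html` would record that for the next person who edits the table. Separately, as a style point, the table could be declared `static const char* const kInvalidHeaders[]` so it is not re-initialised on each call and its entries cannot be reassigned. SetRequestHeader's body starts and ends outside the hunk, so any further checks after this loop are not visible here.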
--- a/content/base/test/test_xhr_forbidden_headers.html
+++ b/content/base/test/test_xhr_forbidden_headers.html
@@ -25,16 +25,17 @@ var headers = [
   "aCcEsS-cOnTrOl-ReQuEsT-mEtHoD",
   "aCcEsS-cOnTrOl-ReQuEsT-hEaDeRs",
   "coNnEctIon",
   "coNtEnt-LEngth",
   "CoOKIe",
   "cOOkiE2",
   "cOntEnt-tRAnsFer-enCoDiNg",
   "DATE",
+  "dNT",
   "exPeCt",
   "hOSt",
   "keep-alive",
   "oRiGiN",
   "reFERer",
   "te",
   "trAiLer",
   "trANsfEr-eNcoDiNg",