Bug 1367626 - browser.downloads.download() should allow setting Referer. r=zombie
authorTom Schuster <evilpies@gmail.com>
Fri, 23 Aug 2019 11:59:15 +0000
changeset 489572 f5b29024aa67972a45b617c7210c3da7f644f872
parent 489563 8f6e40f9a0ad9a477e7f7e0d629ca20fdec91996
child 489573 2c8f5d2048d395ff8637a3f30e2c0a41326b274f
push id36478
push userdvarga@mozilla.com
push dateFri, 23 Aug 2019 21:49:00 +0000
treeherdermozilla-central@9f96b6821f1d [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerszombie
bugs1367626
milestone70.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1367626 - browser.downloads.download() should allow setting Referer. r=zombie Differential Revision: https://phabricator.services.mozilla.com/D43115
toolkit/components/extensions/parent/ext-downloads.js
toolkit/components/extensions/test/xpcshell/test_ext_downloads_download.js
--- a/toolkit/components/extensions/parent/ext-downloads.js
+++ b/toolkit/components/extensions/parent/ext-downloads.js
@@ -59,32 +59,32 @@ const DOWNLOAD_ITEM_CHANGE_FIELDS = [
   "state",
   "paused",
   "canResume",
   "error",
   "exists",
 ];
 
 // From https://fetch.spec.whatwg.org/#forbidden-header-name
+// Since bug 1367626 we allow extensions to set REFERER.
 const FORBIDDEN_HEADERS = [
   "ACCEPT-CHARSET",
   "ACCEPT-ENCODING",
   "ACCESS-CONTROL-REQUEST-HEADERS",
   "ACCESS-CONTROL-REQUEST-METHOD",
   "CONNECTION",
   "CONTENT-LENGTH",
   "COOKIE",
   "COOKIE2",
   "DATE",
   "DNT",
   "EXPECT",
   "HOST",
   "KEEP-ALIVE",
   "ORIGIN",
-  "REFERER",
   "TE",
   "TRAILER",
   "TRANSFER-ENCODING",
   "UPGRADE",
   "VIA",
 ];
 
 const FORBIDDEN_PREFIXES = /^PROXY-|^SEC-/i;
--- a/toolkit/components/extensions/test/xpcshell/test_ext_downloads_download.js
+++ b/toolkit/components/extensions/test/xpcshell/test_ext_downloads_download.js
@@ -527,16 +527,22 @@ add_task(async function test_download_ht
   result = await download({ headers: [{ name: "X-Custom" }] });
   ok(!result.ok, "download rejected because of missing header value");
   ok(/"value" is required/.test(result.err), "descriptive error message");
 
   result = await download({ headers: [{ name: "X-Custom", value: "13" }] });
   ok(result.ok, "download works with a custom header");
   confirm("GET", { "X-Custom": "13" });
 
+  // Test Referer header.
+  const referer = "http://example.org";
+  result = await download({ headers: [{ name: "Referer", value: referer }] });
+  ok(result.ok, "download works with Referer header");
+  confirm("GET", { Referer: referer });
+
   // Test forbidden headers.
   result = await download({ headers: [{ name: "DNT", value: "1" }] });
   ok(!result.ok, "download rejected because of forbidden header name DNT");
   ok(/Forbidden request header/.test(result.err), "descriptive error message");
 
   result = await download({
     headers: [{ name: "Proxy-Connection", value: "keep" }],
   });