Bug 602482: Update XHR forbidden headers to latest spec. r=sicking a=b:betaN
authorKyle Huey <khuey@kylehuey.com>
Mon, 15 Nov 2010 06:55:30 -0500
changeset 57507 572b87ce4245bc90f7b568ece9e5a13bfb43175d
parent 57506 253c29def2c7de07a1a20f9504809981f72b252a
child 57508 d7cdb6ff6945bea27b21570ca585b3f4afc5fb9c
push id1
push usershaver@mozilla.com
push dateTue, 04 Jan 2011 17:58:04 +0000
reviewerssicking, b
bugs602482
milestone2.0b8pre
Bug 602482: Update XHR forbidden headers to latest spec. r=sicking a=b:betaN
content/base/src/nsXMLHttpRequest.cpp
content/base/test/Makefile.in
content/base/test/test_bug308484.html
content/base/test/test_xhr_forbidden_headers.html
--- a/content/base/src/nsXMLHttpRequest.cpp
+++ b/content/base/src/nsXMLHttpRequest.cpp
@@ -2758,19 +2758,21 @@ nsXMLHttpRequest::SetRequestHeader(const
   PRBool privileged;
   rv = IsCapabilityEnabled("UniversalBrowserWrite", &privileged);
   if (NS_FAILED(rv))
     return NS_ERROR_FAILURE;
 
   if (!privileged) {
     // Check for dangerous headers
     const char *kInvalidHeaders[] = {
-      "accept-charset", "accept-encoding", "connection", "content-length",
-      "content-transfer-encoding", "date", "expect", "host", "keep-alive",
-      "referer", "te", "trailer", "transfer-encoding", "upgrade", "via"
+      "accept-charset", "accept-encoding", "access-control-request-headers",
+      "access-control-request-method", "connection", "content-length",
+      "cookie", "cookie2", "content-transfer-encoding", "date", "expect",
+      "host", "keep-alive", "origin", "referer", "te", "trailer",
+      "transfer-encoding", "upgrade", "user-agent", "via"
     };
     PRUint32 i;
     for (i = 0; i < NS_ARRAY_LENGTH(kInvalidHeaders); ++i) {
       if (header.LowerCaseEqualsASCII(kInvalidHeaders[i])) {
         NS_WARNING("refusing to set request header");
         return NS_OK;
       }
     }
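Review bot: The `// Check for dangerous headers` comment above `kInvalidHeaders` no longer says enough now that the list carries `origin`, `cookie`, `cookie2`, `user-agent` and the `access-control-request-*` pair. I would replace it with something like `// Forbidden request headers per the XMLHttpRequest spec: these are set by the browser and must not be forgeable by unprivileged script.` It is also worth noting next to the `if (!privileged)` test that callers with `UniversalBrowserWrite` skip the whole list, so the exemption is visible to the next person who extends it. The loop matches names exactly, so the `proxy-` and `sec-` prefixes exercised by the renamed test are presumably handled elsewhere in `SetRequestHeader`, whose body starts and ends outside this hunk. As a style point, the table could be declared `static const char* const kInvalidHeaders[]` to make it read-only, and `cookie`/`cookie2` moved after `content-transfer-encoding` so the list stays alphabetical and easy to diff against the spec.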
--- a/content/base/test/Makefile.in
+++ b/content/base/test/Makefile.in
@@ -73,17 +73,17 @@ include $(topsrcdir)/config/rules.mk
 		file_bug218236_multipart.txt^headers^ \
 		test_bug218277.html \
 		test_bug238409.html \
 		test_bug254337.html \
 		test_bug276037-1.html \
 		test_bug276037-2.xhtml \
 		test_bug298064.html \
 		bug298064-subframe.html \
-		test_bug308484.html \
+		test_xhr_forbidden_headers.html \
 		test_bug311681.xml \
 		test_bug322317.html \
 		test_bug330925.xhtml \
 		test_bug333673.html \
 		test_bug337631.html \
 		test_bug338541.xhtml \
 		test_bug338679.html \
 		test_bug339494.html \
rename from content/base/test/test_bug308484.html
rename to content/base/test/test_xhr_forbidden_headers.html
--- a/content/base/test/test_bug308484.html
+++ b/content/base/test/test_xhr_forbidden_headers.html
@@ -18,28 +18,34 @@ https://bugzilla.mozilla.org/show_bug.cg
 <pre id="test">
 <script class="testbody" type="text/javascript">
 
 /** Test for Bug 308484 **/
 
 var headers = [
   "aCCept-chaRset",
   "acCePt-eNcoDing",
+  "aCcEsS-cOnTrOl-ReQuEsT-mEtHoD",
+  "aCcEsS-cOnTrOl-ReQuEsT-hEaDeRs",
   "coNnEctIon",
   "coNtEnt-LEngth",
+  "CoOKIe",
+  "cOOkiE2",
   "cOntEnt-tRAnsFer-enCoDiNg",
   "DATE",
   "exPeCt",
   "hOSt",
   "keep-alive",
+  "oRiGiN",
   "reFERer",
   "te",
   "trAiLer",
   "trANsfEr-eNcoDiNg",
   "uPGraDe",
+  "user-AGENT",
   "viA",
   "pRoxy-",
   "sEc-",
   "proxy-fOobar",
   "sec-bAZbOx"
 ];
 var i, request;