Changeset 41547 in webkit
- Timestamp: Mar 10, 2009 12:46:09 AM (15 years ago)
- Location: trunk
- Files: 5 edited
trunk/LayoutTests/ChangeLog
r41545 r41547 1 2009-03-10 Alexey Proskuryakov <ap@webkit.org> 2 3 Reviewed by Darin Adler. 4 5 https://bugs.webkit.org/show_bug.cgi?id=19797 6 Bring the list of forbidden headers in sync with XMLHttpRequest spec draft 7 8 * http/tests/xmlhttprequest/set-dangerous-headers-expected.txt: 9 * http/tests/xmlhttprequest/set-dangerous-headers.html: 10 1 11 2009-03-09 Simon Fraser <simon.fraser@apple.com> 2 12 -
trunk/LayoutTests/http/tests/xmlhttprequest/set-dangerous-headers-expected.txt
r34845 r41547 1 1 CONSOLE MESSAGE: line 1: Refused to set unsafe header "ACCEPT-CHARSET" 2 2 CONSOLE MESSAGE: line 1: Refused to set unsafe header "ACCEPT-ENCODING" 3 CONSOLE MESSAGE: line 1: Refused to set unsafe header "ACCESS-CONTROL-REQUEST-HEADERS" 4 CONSOLE MESSAGE: line 1: Refused to set unsafe header "ACCESS-CONTROL-REQUEST-METHOD" 5 CONSOLE MESSAGE: line 1: Refused to set unsafe header "AUTHORIZATION" 3 6 CONSOLE MESSAGE: line 1: Refused to set unsafe header "CONNECTION" 4 7 CONSOLE MESSAGE: line 1: Refused to set unsafe header "CONTENT-LENGTH" 5 8 CONSOLE MESSAGE: line 1: Refused to set unsafe header "CONTENT-TRANSFER-ENCODING" 9 CONSOLE MESSAGE: line 1: Refused to set unsafe header "COOKIE" 10 CONSOLE MESSAGE: line 1: Refused to set unsafe header "COOKIE2" 6 11 CONSOLE MESSAGE: line 1: Refused to set unsafe header "DATE" 7 12 CONSOLE MESSAGE: line 1: Refused to set unsafe header "EXPECT" 8 13 CONSOLE MESSAGE: line 1: Refused to set unsafe header "HOST" 9 14 CONSOLE MESSAGE: line 1: Refused to set unsafe header "KEEP-ALIVE" 15 CONSOLE MESSAGE: line 1: Refused to set unsafe header "ORIGIN" 10 16 CONSOLE MESSAGE: line 1: Refused to set unsafe header "REFERER" 11 17 CONSOLE MESSAGE: line 1: Refused to set unsafe header "TE" … … 13 19 CONSOLE MESSAGE: line 1: Refused to set unsafe header "TRANSFER-ENCODING" 14 20 CONSOLE MESSAGE: line 1: Refused to set unsafe header "UPGRADE" 21 CONSOLE MESSAGE: line 1: Refused to set unsafe header "USER-AGENT" 15 22 CONSOLE MESSAGE: line 1: Refused to set unsafe header "VIA" 16 23 CONSOLE MESSAGE: line 1: Refused to set unsafe header "Proxy-" -
trunk/LayoutTests/http/tests/xmlhttprequest/set-dangerous-headers.html
r32526 r41547 12 12 req.setRequestHeader("ACCEPT-CHARSET", "foobar"); 13 13 req.setRequestHeader("ACCEPT-ENCODING", "foobar"); 14 req.setRequestHeader("ACCESS-CONTROL-REQUEST-HEADERS", "foobar"); 15 req.setRequestHeader("ACCESS-CONTROL-REQUEST-METHOD", "foobar"); 16 req.setRequestHeader("AUTHORIZATION", "foobar"); 14 17 req.setRequestHeader("CONNECTION", "foobar"); 15 18 req.setRequestHeader("CONTENT-LENGTH", "123456"); 16 19 req.setRequestHeader("CONTENT-TRANSFER-ENCODING", "foobar"); 20 req.setRequestHeader("COOKIE", "foobar"); 21 req.setRequestHeader("COOKIE2", "foobar"); 17 22 req.setRequestHeader("DATE", "foobar"); 18 23 req.setRequestHeader("EXPECT", "100-continue"); 19 24 req.setRequestHeader("HOST", "foobar"); 20 25 req.setRequestHeader("KEEP-ALIVE", "foobar"); 26 req.setRequestHeader("ORIGIN", "foobar"); 21 27 req.setRequestHeader("REFERER", "foobar"); 22 28 req.setRequestHeader("TE", "foobar"); … … 24 30 req.setRequestHeader("TRANSFER-ENCODING", "foobar"); 25 31 req.setRequestHeader("UPGRADE", "foobar"); 32 req.setRequestHeader("USER-AGENT", "foobar"); 26 33 req.setRequestHeader("VIA", "foobar"); 27 34 -
trunk/WebCore/ChangeLog
r41546 r41547 1 2009-03-10 Alexey Proskuryakov <ap@webkit.org> 2 3 Reviewed by Darin Adler. 4 5 https://bugs.webkit.org/show_bug.cgi?id=19797 6 Bring the list of forbidden headers in sync with XMLHttpRequest spec draft 7 8 Added new checks to http/tests/xmlhttprequest/set-dangerous-headers.html. 9 10 * xml/XMLHttpRequest.cpp: 11 (WebCore::XMLHttpRequestStaticData::XMLHttpRequestStaticData): Added all headers from 12 XMLHttpRequest 2 draft. 13 1 14 2009-03-10 Dan Bernstein <mitz@apple.com> 2 15 -
trunk/WebCore/xml/XMLHttpRequest.cpp
r41500 r41547 73 73 m_forbiddenRequestHeaders.add("accept-charset"); 74 74 m_forbiddenRequestHeaders.add("accept-encoding"); 75 m_forbiddenRequestHeaders.add("access-control-request-headers"); 76 m_forbiddenRequestHeaders.add("access-control-request-method"); 77 m_forbiddenRequestHeaders.add("authorization"); 75 78 m_forbiddenRequestHeaders.add("connection"); 76 79 m_forbiddenRequestHeaders.add("content-length"); 77 80 m_forbiddenRequestHeaders.add("content-transfer-encoding"); 81 m_forbiddenRequestHeaders.add("cookie"); 82 m_forbiddenRequestHeaders.add("cookie2"); 78 83 m_forbiddenRequestHeaders.add("date"); 79 84 m_forbiddenRequestHeaders.add("expect"); 80 85 m_forbiddenRequestHeaders.add("host"); 81 86 m_forbiddenRequestHeaders.add("keep-alive"); 87 m_forbiddenRequestHeaders.add("origin"); 82 88 m_forbiddenRequestHeaders.add("referer"); 83 89 m_forbiddenRequestHeaders.add("te"); … … 85 91 m_forbiddenRequestHeaders.add("transfer-encoding"); 86 92 m_forbiddenRequestHeaders.add("upgrade"); 93 m_forbiddenRequestHeaders.add("user-agent"); 87 94 m_forbiddenRequestHeaders.add("via"); 88 95
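Review bot: In trunk/LayoutTests/http/tests/xmlhttprequest/set-dangerous-headers.html, the added setRequestHeader calls (new lines 14-16, 20-21, 26 and 32) pass every name in upper case only, while XMLHttpRequest.cpp stores the names in lower case, so the test covers a single casing of each new name. Consider adding a mixed-case variant for some of the newly added names, for example req.setRequestHeader("Cookie", "foobar") and req.setRequestHeader("User-Agent", "foobar"), with matching lines in set-dangerous-headers-expected.txt, since that is the spelling page scripts normally use.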
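Review bot: In trunk/WebCore/xml/XMLHttpRequest.cpp, new line 77 adds "authorization" to m_forbiddenRequestHeaders, so a script that sets this header by hand is now refused with the "Refused to set unsafe header" console message shown in the expected output. Unlike the hop-by-hop names already in the set, this one is something existing content may set deliberately, so please confirm the behaviour change is intended and say so in the ChangeLog entry, pointing authors at the user and password arguments of open() if that is the expected replacement.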
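Review bot: The trunk/WebCore/ChangeLog entry (new lines 11-12) says "Added all headers from XMLHttpRequest 2 draft" without giving the draft's date or revision, and it does not list the seven names that were added. The draft will keep changing, so record which revision the set was synced against, either in the entry or as a comment above the m_forbiddenRequestHeaders.add calls, to give the next sync a baseline to compare with.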