Changeset 41547 in webkit


Timestamp: Mar 10, 2009 12:46:09 AM (15 years ago)
Author: ap@webkit.org
Message:

Reviewed by Darin Adler.

https://bugs.webkit.org/show_bug.cgi?id=19797
Bring the list of forbidden headers in sync with XMLHttpRequest spec draft

Added new checks to http/tests/xmlhttprequest/set-dangerous-headers.html.

  • xml/XMLHttpRequest.cpp: (WebCore::XMLHttpRequestStaticData::XMLHttpRequestStaticData): Added all headers from XMLHttpRequest 2 draft.
Location: trunk
Files: 5 edited

  • trunk/LayoutTests/ChangeLog

    r41545 r41547  
     12009-03-10  Alexey Proskuryakov  <ap@webkit.org>
     2
     3        Reviewed by Darin Adler.
     4
     5        https://bugs.webkit.org/show_bug.cgi?id=19797
     6        Bring the list of forbidden headers in sync with XMLHttpRequest spec draft
     7
     8        * http/tests/xmlhttprequest/set-dangerous-headers-expected.txt:
     9        * http/tests/xmlhttprequest/set-dangerous-headers.html:
     10
    1112009-03-09  Simon Fraser  <simon.fraser@apple.com>
    212
  • trunk/LayoutTests/http/tests/xmlhttprequest/set-dangerous-headers-expected.txt

    r34845 r41547  
    11CONSOLE MESSAGE: line 1: Refused to set unsafe header "ACCEPT-CHARSET"
    22CONSOLE MESSAGE: line 1: Refused to set unsafe header "ACCEPT-ENCODING"
     3CONSOLE MESSAGE: line 1: Refused to set unsafe header "ACCESS-CONTROL-REQUEST-HEADERS"
     4CONSOLE MESSAGE: line 1: Refused to set unsafe header "ACCESS-CONTROL-REQUEST-METHOD"
     5CONSOLE MESSAGE: line 1: Refused to set unsafe header "AUTHORIZATION"
    36CONSOLE MESSAGE: line 1: Refused to set unsafe header "CONNECTION"
    47CONSOLE MESSAGE: line 1: Refused to set unsafe header "CONTENT-LENGTH"
    58CONSOLE MESSAGE: line 1: Refused to set unsafe header "CONTENT-TRANSFER-ENCODING"
     9CONSOLE MESSAGE: line 1: Refused to set unsafe header "COOKIE"
     10CONSOLE MESSAGE: line 1: Refused to set unsafe header "COOKIE2"
    611CONSOLE MESSAGE: line 1: Refused to set unsafe header "DATE"
    712CONSOLE MESSAGE: line 1: Refused to set unsafe header "EXPECT"
    813CONSOLE MESSAGE: line 1: Refused to set unsafe header "HOST"
    914CONSOLE MESSAGE: line 1: Refused to set unsafe header "KEEP-ALIVE"
     15CONSOLE MESSAGE: line 1: Refused to set unsafe header "ORIGIN"
    1016CONSOLE MESSAGE: line 1: Refused to set unsafe header "REFERER"
    1117CONSOLE MESSAGE: line 1: Refused to set unsafe header "TE"
     
    1319CONSOLE MESSAGE: line 1: Refused to set unsafe header "TRANSFER-ENCODING"
    1420CONSOLE MESSAGE: line 1: Refused to set unsafe header "UPGRADE"
     21CONSOLE MESSAGE: line 1: Refused to set unsafe header "USER-AGENT"
    1522CONSOLE MESSAGE: line 1: Refused to set unsafe header "VIA"
    1623CONSOLE MESSAGE: line 1: Refused to set unsafe header "Proxy-"
  • trunk/LayoutTests/http/tests/xmlhttprequest/set-dangerous-headers.html

    r32526 r41547  
    1212    req.setRequestHeader("ACCEPT-CHARSET", "foobar");
    1313    req.setRequestHeader("ACCEPT-ENCODING", "foobar");
     14    req.setRequestHeader("ACCESS-CONTROL-REQUEST-HEADERS", "foobar");
     15    req.setRequestHeader("ACCESS-CONTROL-REQUEST-METHOD", "foobar");
     16    req.setRequestHeader("AUTHORIZATION", "foobar");
    1417    req.setRequestHeader("CONNECTION", "foobar");
    1518    req.setRequestHeader("CONTENT-LENGTH", "123456");
    1619    req.setRequestHeader("CONTENT-TRANSFER-ENCODING", "foobar");
     20    req.setRequestHeader("COOKIE", "foobar");
     21    req.setRequestHeader("COOKIE2", "foobar");
    1722    req.setRequestHeader("DATE", "foobar");
    1823    req.setRequestHeader("EXPECT", "100-continue");
    1924    req.setRequestHeader("HOST", "foobar");
    2025    req.setRequestHeader("KEEP-ALIVE", "foobar");
     26    req.setRequestHeader("ORIGIN", "foobar");
    2127    req.setRequestHeader("REFERER", "foobar");
    2228    req.setRequestHeader("TE", "foobar");
     
    2430    req.setRequestHeader("TRANSFER-ENCODING", "foobar");
    2531    req.setRequestHeader("UPGRADE", "foobar");
     32    req.setRequestHeader("USER-AGENT", "foobar");
    2633    req.setRequestHeader("VIA", "foobar");
    2734
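Review bot: Every header name added in this hunk (new-file lines 14-16, 20-21, 26 and 32) is spelled in all uppercase, as the existing calls are, so the test exercises only one casing against the lowercase entries stored in m_forbiddenRequestHeaders. Consider adding one or two mixed-case spellings, for example req.setRequestHeader("Cookie", "foobar") and req.setRequestHeader("User-Agent", "foobar"), so that a regression in case-insensitive matching for the credential and identity headers would show up in the expected output.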
  • trunk/WebCore/ChangeLog

    r41546 r41547  
     12009-03-10  Alexey Proskuryakov  <ap@webkit.org>
     2
     3        Reviewed by Darin Adler.
     4
     5        https://bugs.webkit.org/show_bug.cgi?id=19797
     6        Bring the list of forbidden headers in sync with XMLHttpRequest spec draft
     7
     8        Added new checks to http/tests/xmlhttprequest/set-dangerous-headers.html.
     9
     10        * xml/XMLHttpRequest.cpp:
     11        (WebCore::XMLHttpRequestStaticData::XMLHttpRequestStaticData): Added all headers from
     12        XMLHttpRequest 2 draft.
     13
    1142009-03-10  Dan Bernstein  <mitz@apple.com>
    215
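Review bot: The entry at lines 11-12 says the headers come from the "XMLHttpRequest 2 draft" but does not say which draft. Since the stated purpose is to keep the forbidden list in sync with a spec draft, naming the draft date or revision here would give the next sync a known baseline to compare against.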
  • trunk/WebCore/xml/XMLHttpRequest.cpp

    r41500 r41547  
    7373    m_forbiddenRequestHeaders.add("accept-charset");
    7474    m_forbiddenRequestHeaders.add("accept-encoding");
     75    m_forbiddenRequestHeaders.add("access-control-request-headers");
     76    m_forbiddenRequestHeaders.add("access-control-request-method");
     77    m_forbiddenRequestHeaders.add("authorization");
    7578    m_forbiddenRequestHeaders.add("connection");
    7679    m_forbiddenRequestHeaders.add("content-length");
    7780    m_forbiddenRequestHeaders.add("content-transfer-encoding");
     81    m_forbiddenRequestHeaders.add("cookie");
     82    m_forbiddenRequestHeaders.add("cookie2");
    7883    m_forbiddenRequestHeaders.add("date");
    7984    m_forbiddenRequestHeaders.add("expect");
    8085    m_forbiddenRequestHeaders.add("host");
    8186    m_forbiddenRequestHeaders.add("keep-alive");
     87    m_forbiddenRequestHeaders.add("origin");
    8288    m_forbiddenRequestHeaders.add("referer");
    8389    m_forbiddenRequestHeaders.add("te");
     
    8591    m_forbiddenRequestHeaders.add("transfer-encoding");
    8692    m_forbiddenRequestHeaders.add("upgrade");
     93    m_forbiddenRequestHeaders.add("user-agent");
    8794    m_forbiddenRequestHeaders.add("via");
    8895
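Review bot: The seven new entries (new-file lines 75-77, 81-82, 87 and 93) are added as bare add() calls with no comment, so nothing in the constructor records which spec text the list mirrors. A one-line comment above the list pointing at the relevant spec section would help. Since the same names have to be repeated in set-dangerous-headers.html and its expected output, a static array of names iterated in the constructor would also make the three lists easier to compare when the draft changes again.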