makes XMLHttpRequest::SetRequestHeader call dom::headers::is_forbidden_header_name

2025-08-05 21:50:18 +01:00 · 2016-07-19 13:17:59 -07:00 · 2016-07-19 13:17:59 -07:00 · 60549c47ba
commit 60549c47ba
parent 530b02790b
2 changed files with 4 additions and 16 deletions
--- a/components/script/dom/headers.rs
+++ b/components/script/dom/headers.rs
@ -102,7 +102,7 @@ fn is_forbidden_response_header(name: &str) -> bool {
 }
 // https://fetch.spec.whatwg.org/#forbidden-header-name
-fn is_forbidden_header_name(name: &str) -> bool {
+pub fn is_forbidden_header_name(name: &str) -> bool {
    let disallowed_headers =
        ["accept-charset", "accept-encoding",
         "access-control-request-headers",
--- a/components/script/dom/xmlhttprequest.rs
+++ b/components/script/dom/xmlhttprequest.rs
@ -25,6 +25,7 @@ use dom::document::DocumentSource;
 use dom::document::{Document, IsHTMLDocument};
 use dom::event::{Event, EventBubbles, EventCancelable};
 use dom::eventtarget::EventTarget;
 use dom::headers::is_forbidden_header_name;
 use dom::progressevent::ProgressEvent;
 use dom::xmlhttprequesteventtarget::XMLHttpRequestEventTarget;
 use dom::xmlhttprequestupload::XMLHttpRequestUpload;
@ -416,21 +417,8 @@ impl XMLHttpRequestMethods for XMLHttpRequest {
                // Step 5
                // Disallowed headers and header prefixes:
                // https://fetch.spec.whatwg.org/#forbidden-header-name
-                let disallowedHeaders =
+                if is_forbidden_header_name(s) {
-                    ["accept-charset", "accept-encoding",
+                    return Ok(());
                    "access-control-request-headers",
                    "access-control-request-method",
                    "connection", "content-length",
                    "cookie", "cookie2", "date", "dnt",
                    "expect", "host", "keep-alive", "origin",
                    "referer", "te", "trailer", "transfer-encoding",
                    "upgrade", "via"];
                let disallowedHeaderPrefixes = ["sec-", "proxy-"];
                if disallowedHeaders.iter().any(|header| *header == s) ||
                   disallowedHeaderPrefixes.iter().any(|prefix| s.starts_with(prefix)) {
                    return Ok(())
                } else {
                    s
                }