XMLHttpRequest.setRequestHeader() should allow Content-Transfer-Encoding header;...
[WebKit-https.git] / Source / WebCore / ChangeLog
index 1ca6110..e3b37b4 100644 (file)
@@ -1,3 +1,24 @@
+2017-10-03  Daniel Bates  <dabates@apple.com>
+
+        XMLHttpRequest.setRequestHeader() should allow Content-Transfer-Encoding header; remove
+        duplicate logic to check for a forbidden XHR header field
+        https://bugs.webkit.org/show_bug.cgi?id=177829
+
+        Reviewed by Alexey Proskuryakov.
+
+        Use isForbiddenHeaderName() (defined in HTTPParsers.h) to check if the header field specified
+        to XMLHttpRequest.setRequestHeader() is allowed. Among other benefits this makes the behavior
+        of XMLHttpRequest.setRequestHeader() more closely aligned with the behavior of this method in
+        the XHR standard, <https://xhr.spec.whatwg.org> (8 September 2017). In particular, XMLHttpRequest.setRequestHeader()
+        no longer forbids setting the header Content-Transfer-Encoding. This header has not been
+        considered a forbidden header since <https://www.w3.org/TR/2012/WD-XMLHttpRequest-20121206/>.
+
+        * xml/XMLHttpRequest.cpp:
+        (WebCore::XMLHttpRequest::setRequestHeader):
+        (WebCore::isForbiddenRequestHeader): Deleted.
+        (WebCore::XMLHttpRequest::isAllowedHTTPHeader): Deleted.
+        * xml/XMLHttpRequest.h:
+
 2017-10-03  Commit Queue  <commit-queue@webkit.org>
 
         Unreviewed, rolling out r222686, r222695, and r222698.