XMLHttpRequest.setRequestHeader() should allow Content-Transfer-Encoding header;...
authordbates@webkit.org <dbates@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 3 Oct 2017 20:55:59 +0000 (20:55 +0000)
committerdbates@webkit.org <dbates@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 3 Oct 2017 20:55:59 +0000 (20:55 +0000)
commit0ba8e6b30054038fcff71d03946827a42f4db8c8
tree3dd5170f770d2f95f75acfc5ad208b9386ab5dea
parentdfc5c604755643143c841a55c6ecb88d91514be1
XMLHttpRequest.setRequestHeader() should allow Content-Transfer-Encoding header; remove
duplicate logic to check for a forbidden XHR header field
https://bugs.webkit.org/show_bug.cgi?id=177829

Reviewed by Alexey Proskuryakov.

Source/WebCore:

Use isForbiddenHeaderName() (defined in HTTPParsers.h) to check if the header field specified
to XMLHttpRequest.setRequestHeader() is allowed. Among other benefits this makes the behavior
of XMLHttpRequest.setRequestHeader() more closely aligned with the behavior of this method in
the XHR standard, <https://xhr.spec.whatwg.org> (8 September 2017). In particular, XMLHttpRequest.setRequestHeader()
no longer forbids setting the header Content-Transfer-Encoding. This header has not been
considered a forbidden header since <https://www.w3.org/TR/2012/WD-XMLHttpRequest-20121206/>.

* xml/XMLHttpRequest.cpp:
(WebCore::XMLHttpRequest::setRequestHeader):
(WebCore::isForbiddenRequestHeader): Deleted.
(WebCore::XMLHttpRequest::isAllowedHTTPHeader): Deleted.
* xml/XMLHttpRequest.h:

LayoutTests:

Update tests and test results now that we no longer consider Content-Transfer-Encoding a
forbidden header.

* fast/xmlhttprequest/set-dangerous-headers-expected.txt:
* fast/xmlhttprequest/set-dangerous-headers-in-dashboard.html:
* fast/xmlhttprequest/set-dangerous-headers.html:
* http/tests/xmlhttprequest/set-dangerous-headers-expected.txt:
* http/tests/xmlhttprequest/set-dangerous-headers.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@222807 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog
LayoutTests/fast/xmlhttprequest/set-dangerous-headers-expected.txt
LayoutTests/fast/xmlhttprequest/set-dangerous-headers-in-dashboard.html
LayoutTests/fast/xmlhttprequest/set-dangerous-headers.html
LayoutTests/http/tests/xmlhttprequest/set-dangerous-headers-expected.txt
LayoutTests/http/tests/xmlhttprequest/set-dangerous-headers.html
Source/WebCore/ChangeLog
Source/WebCore/xml/XMLHttpRequest.cpp
Source/WebCore/xml/XMLHttpRequest.h