2008-04-24 Adam Barth <hk9565@gmail.com>
authormrowe@apple.com <mrowe@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 25 Apr 2008 00:47:23 +0000 (00:47 +0000)
committermrowe@apple.com <mrowe@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 25 Apr 2008 00:47:23 +0000 (00:47 +0000)
        Reviewed by Sam Weinig.

        Update the XMLHttpRequest header blacklist to match the spec.

        * xml/XMLHttpRequest.cpp:
        (WebCore::isSafeRequestHeader):

2008-04-24  Adam Barth  <hk9565@gmail.com>

        Reviewed by Sam Weinig.

        Test that we block headers beginning with "Sec-" as per spec.

        * http/tests/xmlhttprequest/set-dangerous-headers-expected.txt:
        * http/tests/xmlhttprequest/set-dangerous-headers.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@32526 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LayoutTests/ChangeLog
LayoutTests/http/tests/xmlhttprequest/set-dangerous-headers-expected.txt
LayoutTests/http/tests/xmlhttprequest/set-dangerous-headers.html
WebCore/ChangeLog
WebCore/xml/XMLHttpRequest.cpp

index e0f6a97..28ca14e 100644 (file)
@@ -1,3 +1,12 @@
+2008-04-24  Adam Barth  <hk9565@gmail.com>
+
+        Reviewed by Sam Weinig.
+
+        Test that we block headers beginning with "Sec-" as per spec.
+
+        * http/tests/xmlhttprequest/set-dangerous-headers-expected.txt:
+        * http/tests/xmlhttprequest/set-dangerous-headers.html:
+
 2008-04-22  Feng Qian  <ian.eng.webkit@gmail.com>
 
         Reviewed by Geoff Garen.
index c765edc..6e88834 100644 (file)
@@ -16,6 +16,9 @@ CONSOLE MESSAGE: line 1: Refused to set unsafe header VIA
 CONSOLE MESSAGE: line 1: Refused to set unsafe header Proxy-
 CONSOLE MESSAGE: line 1: Refused to set unsafe header Proxy-test
 CONSOLE MESSAGE: line 1: Refused to set unsafe header PROXY-FOO
+CONSOLE MESSAGE: line 1: Refused to set unsafe header Sec-
+CONSOLE MESSAGE: line 1: Refused to set unsafe header Sec-test
+CONSOLE MESSAGE: line 1: Refused to set unsafe header SEC-FOO
 Test that setRequestHeader cannot be used to alter security-sensitive headers.
 
 SUCCESS
index 29a68f9..e182f4a 100644 (file)
     req.setRequestHeader("Proxy-test", "foobar");
     req.setRequestHeader("PROXY-FOO", "foobar");
 
+    req.setRequestHeader("Sec-", "foobar");
+    req.setRequestHeader("Sec-test", "foobar");
+    req.setRequestHeader("SEC-FOO", "foobar");
+
     try {
         req.send("");
         if (req.responseText.match("100-continue|foobar|123456"))
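Review bot: The three new `setRequestHeader` calls mirror the `Proxy-` cases exactly (bare prefix, mixed case, upper case), but none of them pins that the dash is part of the forbidden prefix, so a regression that blocked every header starting with `Sec` would still pass. Consider a sibling case such as `req.setRequestHeader("Security-Foo", "foobar");` whose expected output must contain no "Refused to set unsafe header" line for it; whether the surrounding harness can observe that the header was actually sent is not visible in this hunk. The enclosing script block starts and ends outside the hunk.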
index a567ec9..00409e0 100644 (file)
@@ -1,3 +1,12 @@
+2008-04-24  Adam Barth  <hk9565@gmail.com>
+
+        Reviewed by Sam Weinig.
+
+        Update the XMLHttpRequest header black list to match the spec.
+
+        * xml/XMLHttpRequest.cpp:
+        (WebCore::isSafeRequestHeader):
+
 2008-04-22  Feng Qian  <ian.eng.webkit@gmail.com>
 
         Reviewed by Geoff Garen.
index bc15289..9277e20 100644 (file)
@@ -87,6 +87,7 @@ static bool isSafeRequestHeader(const String& name)
 {
     static HashSet<String, CaseFoldingHash> forbiddenHeaders;
     static String proxyString("proxy-");
+    static String secString("sec-");
     
     if (forbiddenHeaders.isEmpty()) {
         forbiddenHeaders.add("accept-charset");
@@ -106,7 +107,8 @@ static bool isSafeRequestHeader(const String& name)
         forbiddenHeaders.add("via");
     }
     
-    return !forbiddenHeaders.contains(name) && !name.startsWith(proxyString, false);
+    return !forbiddenHeaders.contains(name) && !name.startsWith(proxyString, false) &&
+           !name.startsWith(secString, false);
 }
 
 // Determines if a string is a valid token, as defined by
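Review bot: The `false` passed to `startsWith` in the new return expression (and in the existing `proxyString` check beside it) is a bare boolean whose meaning a reader cannot recover from the call site; the expected-output change in this commit shows the match is case-insensitive (`SEC-FOO` is refused), so that should be stated in code, e.g. `// Case-insensitive prefix matches: the spec forbids every header name starting with "proxy-" or "sec-".` above the `return`. A one-line comment where `secString` is declared would also help, since the reason the spec reserves the `Sec-` prefix is not visible here. With three negated terms the conditional is at the point where splitting it into one guard clause per rule (exact-match set, `proxy-` prefix, `sec-` prefix) reads more clearly and keeps the next addition from growing the expression further. `isSafeRequestHeader`'s body spans both hunks of this section and its signature appears only in the hunk header.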