Build fix.
authorap@webkit.org <ap@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 20 Feb 2008 11:39:40 +0000 (11:39 +0000)
committerap@webkit.org <ap@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 20 Feb 2008 11:39:40 +0000 (11:39 +0000)
        * xml/XMLHttpRequest.cpp:
        (WebCore::isSafeRequestHeader):
        (WebCore::XMLHttpRequest::setRequestHeader):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@30423 268f45cc-cd09-0410-ab3c-d52691b4dbfc

WebCore/ChangeLog
WebCore/xml/XMLHttpRequest.cpp

index f4b4772bf4ff2315dfbb6313640a3a9222760c3c..8a5a09bc44243e6af53ef650f103155b19817736 100644 (file)
@@ -1,3 +1,11 @@
+2008-02-20  Alexey Proskuryakov  <ap@webkit.org>
+
+        Build fix.
+
+        * xml/XMLHttpRequest.cpp:
+        (WebCore::isSafeRequestHeader):
+        (WebCore::XMLHttpRequest::setRequestHeader):
+
 2008-02-20  Alexey Proskuryakov  <ap@webkit.org>
 
         Reviewed by Darin.
index fb298846f3f3fc584fab9eb69048b5ce0f708a70..027740ab95d865a982573bcab2cae18b0ab42db7 100644 (file)
@@ -79,12 +79,8 @@ static void removeFromRequestsByDocument(Document* doc, XMLHttpRequest* req)
     }
 }
 
-static bool canSetRequestHeader(const String& name)
+static bool isSafeRequestHeader(const String& name)
 {
-    // A privileged script (e.g. a Dashboard widget) can set any headers.
-    if (m_doc->isAllowedToLoadLocalResources())
-        return true;
-
     static HashSet<String, CaseFoldingHash> forbiddenHeaders;
     static String proxyString("proxy-");
     
@@ -545,7 +541,8 @@ void XMLHttpRequest::setRequestHeader(const String& name, const String& value, E
         return;
     }
         
-    if (!canSetRequestHeader(name)) {
+    // A privileged script (e.g. a Dashboard widget) can set any headers.
+    if (!m_doc->isAllowedToLoadLocalResources() && !isSafeRequestHeader(name)) {
         if (m_doc && m_doc->frame() && m_doc->frame()->page())
             m_doc->frame()->page()->chrome()->addMessageToConsole(JSMessageSource, ErrorMessageLevel, "Refused to set unsafe header " + name, 1, String());
         return;