Bug 16189: XMLHttpRequest::setRequestHeader() should not set certain headers
Reviewed by Darin Adler.
* xml/XMLHttpRequest.cpp:
(WebCore::canSetRequestHeader):
Test: http/tests/xmlhttprequest/set-dangerous-headers.html
2007-12-01 Julien Chaffraix <julien.chaffraix@gmail.com>
Bug 16189: XMLHttpRequest::setRequestHeader() should not set certain headers
Reviewed by Darin Adler.
* http/tests/xmlhttprequest/set-dangerous-headers-expected.txt:
* http/tests/xmlhttprequest/set-dangerous-headers.html: Added tests for new headers
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@28301
268f45cc-cd09-0410-ab3c-
d52691b4dbfc
+2007-12-01 Julien Chaffraix <julien.chaffraix@gmail.com>
+
+ Bug 16189: XMLHttpRequest::setRequestHeader() should not set certain headers
+
+ Reviewed by Darin Adler.
+
+ * http/tests/xmlhttprequest/set-dangerous-headers-expected.txt:
+ * http/tests/xmlhttprequest/set-dangerous-headers.html: Added tests for new headers
+
2007-12-01 Dan Bernstein <mitz@apple.com>
Reviewed by Darin Adler.
CONSOLE MESSAGE: line 1: Refused to set unsafe header ACCEPT-CHARSET
CONSOLE MESSAGE: line 1: Refused to set unsafe header ACCEPT-ENCODING
+CONSOLE MESSAGE: line 1: Refused to set unsafe header CONNECTION
CONSOLE MESSAGE: line 1: Refused to set unsafe header CONTENT-LENGTH
-CONSOLE MESSAGE: line 1: Refused to set unsafe header EXPECT
+CONSOLE MESSAGE: line 1: Refused to set unsafe header CONTENT-TRANSFER-ENCODING
CONSOLE MESSAGE: line 1: Refused to set unsafe header DATE
+CONSOLE MESSAGE: line 1: Refused to set unsafe header EXPECT
CONSOLE MESSAGE: line 1: Refused to set unsafe header HOST
CONSOLE MESSAGE: line 1: Refused to set unsafe header KEEP-ALIVE
CONSOLE MESSAGE: line 1: Refused to set unsafe header REFERER
CONSOLE MESSAGE: line 1: Refused to set unsafe header TRANSFER-ENCODING
CONSOLE MESSAGE: line 1: Refused to set unsafe header UPGRADE
CONSOLE MESSAGE: line 1: Refused to set unsafe header VIA
+CONSOLE MESSAGE: line 1: Refused to set unsafe header Proxy-
+CONSOLE MESSAGE: line 1: Refused to set unsafe header Proxy-test
+CONSOLE MESSAGE: line 1: Refused to set unsafe header PROXY-FOO
Test that setRequestHeader cannot be used to alter security-sensitive headers.
SUCCESS
req.setRequestHeader("ACCEPT-CHARSET", "foobar");
req.setRequestHeader("ACCEPT-ENCODING", "foobar");
+ req.setRequestHeader("CONNECTION", "foobar");
req.setRequestHeader("CONTENT-LENGTH", "123456");
- req.setRequestHeader("EXPECT", "100-continue");
+ req.setRequestHeader("CONTENT-TRANSFER-ENCODING", "foobar");
req.setRequestHeader("DATE", "foobar");
+ req.setRequestHeader("EXPECT", "100-continue");
req.setRequestHeader("HOST", "foobar");
req.setRequestHeader("KEEP-ALIVE", "foobar");
req.setRequestHeader("REFERER", "foobar");
req.setRequestHeader("UPGRADE", "foobar");
req.setRequestHeader("VIA", "foobar");
+ req.setRequestHeader("Proxy-", "foobar");
+ req.setRequestHeader("Proxy-test", "foobar");
+ req.setRequestHeader("PROXY-FOO", "foobar");
+
try {
req.send("");
if (req.responseText.match("100-continue|foobar|123456"))
+2007-12-01 Julien Chaffraix <julien.chaffraix@gmail.com>
+
+ Bug 16189: XMLHttpRequest::setRequestHeader() should not set certain headers
+
+ Reviewed by Darin Adler.
+
+ * xml/XMLHttpRequest.cpp:
+ (WebCore::canSetRequestHeader):
+
+ Test: http/tests/xmlhttprequest/set-dangerous-headers.html
+
2007-12-01 Rahul Abrol <ra5ul@comcast.net>
Reviewed by Adam Roben.
static bool canSetRequestHeader(const String& name)
{
static HashSet<String, CaseInsensitiveHash<String> > forbiddenHeaders;
+ static String proxyString("proxy-");
if (forbiddenHeaders.isEmpty()) {
forbiddenHeaders.add("accept-charset");
forbiddenHeaders.add("accept-encoding");
+ forbiddenHeaders.add("connection");
forbiddenHeaders.add("content-length");
- forbiddenHeaders.add("expect");
+ forbiddenHeaders.add("content-transfer-encoding");
forbiddenHeaders.add("date");
+ forbiddenHeaders.add("expect");
forbiddenHeaders.add("host");
forbiddenHeaders.add("keep-alive");
forbiddenHeaders.add("referer");
forbiddenHeaders.add("via");
}
- return !forbiddenHeaders.contains(name);
+ return !forbiddenHeaders.contains(name) && !name.startsWith(proxyString, false);
}
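Review bot: The new `!name.startsWith(proxyString, false)` on the return line passes a bare boolean whose meaning a reader can only infer from the PROXY-FOO case in the test, and the function itself has no comment saying why these names are refused. I would add above `canSetRequestHeader`: `// Header names script must not control: they decide request framing (Content-Length, Transfer-Encoding, Expect), connection handling (Connection, Keep-Alive, Upgrade, Via), routing (Host, Proxy-*) or the request's provenance (Referer); kept in sync with set-dangerous-headers.html.` and on the return line `// second argument is caseSensitive = false, so PROXY-FOO is refused too`, assuming that is what String::startsWith's second parameter means here. As rendered, the set in this hunk shows no transfer-encoding or upgrade entries although the expected output lists both as refused; if those are elided context lines rather than absent entries, disregard. The lazy population of the static HashSet on first call is unsynchronized, which is only safe while setRequestHeader is reached from a single thread; a short comment stating that assumption would help the next maintainer.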
// Determines if a string is a valid token, as defined by