<rdar://problem/
5749455> Unable to set the Referer header in Dashboard using XMLHttpRequest
Cannot be tested in DRT.
* xml/XMLHttpRequest.cpp: (WebCore::canSetRequestHeader): Assume that a request that can load
local files can also set any headers.
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@30422
268f45cc-cd09-0410-ab3c-
d52691b4dbfc
+2008-02-20 Alexey Proskuryakov <ap@webkit.org>
+
+ Reviewed by Darin.
+
+ <rdar://problem/5749455> Unable to set the Referer header in Dashboard using XMLHttpRequest
+
+ Cannot be tested in DRT.
+
+ * xml/XMLHttpRequest.cpp: (WebCore::canSetRequestHeader): Assume that a request that can load
+ local files can also set any headers.
+
2008-02-19 Darin Adler <darin@apple.com>
Reviewed by Sam.
static bool canSetRequestHeader(const String& name)
{
+ // A privileged script (e.g. a Dashboard widget) can set any headers.
+ if (m_doc->isAllowedToLoadLocalResources())
+ return true;
+
static HashSet<String, CaseFoldingHash> forbiddenHeaders;
static String proxyString("proxy-");