XMLHttpRequest.setRequestHeader() should allow Content-Transfer-Encoding header;...
authordbates@webkit.org <dbates@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 3 Oct 2017 20:55:59 +0000 (20:55 +0000)
committerdbates@webkit.org <dbates@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 3 Oct 2017 20:55:59 +0000 (20:55 +0000)
commit9b5f0229b30db16b4078ba219305f8c970f2a9f2
tree3dd5170f770d2f95f75acfc5ad208b9386ab5dea
parent4405ce7758793ca296ff5c07659029b623056b79
XMLHttpRequest.setRequestHeader() should allow Content-Transfer-Encoding header; remove
duplicate logic to check for a forbidden XHR header field
https://bugs.webkit.org/show_bug.cgi?id=177829

Reviewed by Alexey Proskuryakov.

Source/WebCore:

Use isForbiddenHeaderName() (defined in HTTPParsers.h) to check if the header field specified
to XMLHttpRequest.setRequestHeader() is allowed. Among other benefits this makes the behavior
of XMLHttpRequest.setRequestHeader() more closely aligned with the behavior of this method in
the XHR standard, <https://xhr.spec.whatwg.org> (8 September 2017). In particular, XMLHttpRequest.setRequestHeader()
no longer forbids setting the header Content-Transfer-Encoding. This header has not been
considered a forbidden header since <https://www.w3.org/TR/2012/WD-XMLHttpRequest-20121206/>.

* xml/XMLHttpRequest.cpp:
(WebCore::XMLHttpRequest::setRequestHeader):
(WebCore::isForbiddenRequestHeader): Deleted.
(WebCore::XMLHttpRequest::isAllowedHTTPHeader): Deleted.
* xml/XMLHttpRequest.h:

LayoutTests:

Update tests and test results now that we no longer consider Content-Transfer-Encoding a
forbidden header.

* fast/xmlhttprequest/set-dangerous-headers-expected.txt:
* fast/xmlhttprequest/set-dangerous-headers-in-dashboard.html:
* fast/xmlhttprequest/set-dangerous-headers.html:
* http/tests/xmlhttprequest/set-dangerous-headers-expected.txt:
* http/tests/xmlhttprequest/set-dangerous-headers.html:

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@222807 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog
LayoutTests/fast/xmlhttprequest/set-dangerous-headers-expected.txt
LayoutTests/fast/xmlhttprequest/set-dangerous-headers-in-dashboard.html
LayoutTests/fast/xmlhttprequest/set-dangerous-headers.html
LayoutTests/http/tests/xmlhttprequest/set-dangerous-headers-expected.txt
LayoutTests/http/tests/xmlhttprequest/set-dangerous-headers.html
Source/WebCore/ChangeLog
Source/WebCore/xml/XMLHttpRequest.cpp
Source/WebCore/xml/XMLHttpRequest.h