Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-11-30 00:01:50 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

fixes bug 302489 "XMLHTTP TRACE method can reveal proxy passwords to web sites" r=jst sr=dveditz a=asa

Browse Source
This commit is contained in:
darin%meer.net 2005-08-02 21:00:03 +00:00
parent 4c4e3b7839
commit 3a49d1d940
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
extensions/xmlextras/base/src/nsXMLHttpRequest.cpp
View File

@ -877,6 +877,11 @@ nsXMLHttpRequest::OpenRequest(const nsACString& method,
NS_ENSURE_ARG(!method.IsEmpty());
NS_ENSURE_ARG(!url.IsEmpty());
// Disallow HTTP/1.1 TRACE method (see bug 302489).
if (method.LowerCaseEqualsASCII("trace")) {
return NS_ERROR_INVALID_ARG;
}
nsresult rv;
nsCOMPtr<nsIURI> uri;
PRBool authp = PR_FALSE;