Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-10-13 05:15:45 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

fixes bug 302263 "prevent certain headers from being set on a XMLHttpRequest" r=dveditz sr=jst a=dveditz

Browse Source
This commit is contained in:
darin%meer.net 2006-04-20 03:39:36 +00:00
parent ba204186cf
commit fd180aedbe
1 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
content/base/src/nsXMLHttpRequest.cpp
View File

@ -1593,8 +1593,14 @@ nsXMLHttpRequest::SetRequestHeader(const nsACString& header,
if (!mChannel) // open() initializes mChannel, and open() if (!mChannel) // open() initializes mChannel, and open()
return NS_ERROR_FAILURE; // must be called before first setRequestHeader() return NS_ERROR_FAILURE; // must be called before first setRequestHeader()
if (!IsASCII(header) || !IsASCII(value)) { // Prevent modification to certain HTTP headers (see bug 302263):
return NS_ERROR_INVALID_ARG; const char *kInvalidHeaders[] = {
"host", "content-length", "transfer-encoding", "via", "upgrade"
};
for (size_t i = 0; i < NS_ARRAY_LENGTH(kInvalidHeaders); ++i) {
if (header.LowerCaseEqualsASCII(kInvalidHeaders[i])) {
return NS_ERROR_INVALID_ARG;
}
} }
nsCOMPtr<nsIHttpChannel> httpChannel(do_QueryInterface(mChannel)); nsCOMPtr<nsIHttpChannel> httpChannel(do_QueryInterface(mChannel));