mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-13 05:15:45 +00:00
fixes bug 302263 "prevent certain headers from being set on a XMLHttpRequest" r=dveditz sr=jst a=dveditz
This commit is contained in:
parent
ba204186cf
commit
fd180aedbe
@ -1593,8 +1593,14 @@ nsXMLHttpRequest::SetRequestHeader(const nsACString& header,
|
|||||||
if (!mChannel) // open() initializes mChannel, and open()
|
if (!mChannel) // open() initializes mChannel, and open()
|
||||||
return NS_ERROR_FAILURE; // must be called before first setRequestHeader()
|
return NS_ERROR_FAILURE; // must be called before first setRequestHeader()
|
||||||
|
|
||||||
if (!IsASCII(header) || !IsASCII(value)) {
|
// Prevent modification to certain HTTP headers (see bug 302263):
|
||||||
return NS_ERROR_INVALID_ARG;
|
const char *kInvalidHeaders[] = {
|
||||||
|
"host", "content-length", "transfer-encoding", "via", "upgrade"
|
||||||
|
};
|
||||||
|
for (size_t i = 0; i < NS_ARRAY_LENGTH(kInvalidHeaders); ++i) {
|
||||||
|
if (header.LowerCaseEqualsASCII(kInvalidHeaders[i])) {
|
||||||
|
return NS_ERROR_INVALID_ARG;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
nsCOMPtr<nsIHttpChannel> httpChannel(do_QueryInterface(mChannel));
|
nsCOMPtr<nsIHttpChannel> httpChannel(do_QueryInterface(mChannel));
|
||||||
|
Loading…
Reference in New Issue
Block a user