OLD | NEW |
1 /* | 1 /* |
2 * Copyright (C) 2004, 2006, 2008 Apple Inc. All rights reserved. | 2 * Copyright (C) 2004, 2006, 2008 Apple Inc. All rights reserved. |
3 * Copyright (C) 2005-2007 Alexey Proskuryakov <ap@webkit.org> | 3 * Copyright (C) 2005-2007 Alexey Proskuryakov <ap@webkit.org> |
4 * Copyright (C) 2007, 2008 Julien Chaffraix <jchaffraix@webkit.org> | 4 * Copyright (C) 2007, 2008 Julien Chaffraix <jchaffraix@webkit.org> |
5 * Copyright (C) 2008, 2011 Google Inc. All rights reserved. | 5 * Copyright (C) 2008, 2011 Google Inc. All rights reserved. |
6 * Copyright (C) 2012 Intel Corporation | 6 * Copyright (C) 2012 Intel Corporation |
7 * | 7 * |
8 * This library is free software; you can redistribute it and/or | 8 * This library is free software; you can redistribute it and/or |
9 * modify it under the terms of the GNU Lesser General Public | 9 * modify it under the terms of the GNU Lesser General Public |
10 * License as published by the Free Software Foundation; either | 10 * License as published by the Free Software Foundation; either |
(...skipping 903 matching lines...)
914 if (m_state != OPENED || m_loader) { | 914 if (m_state != OPENED || m_loader) { |
915 ec = INVALID_STATE_ERR; | 915 ec = INVALID_STATE_ERR; |
916 return; | 916 return; |
917 } | 917 } |
918 | 918 |
919 if (!isValidHTTPToken(name) || !isValidHTTPHeaderValue(value)) { | 919 if (!isValidHTTPToken(name) || !isValidHTTPHeaderValue(value)) { |
920 ec = SYNTAX_ERR; | 920 ec = SYNTAX_ERR; |
921 return; | 921 return; |
922 } | 922 } |
923 | 923 |
924 // A privileged script can set any headers. | 924 // No script (privileged or not) can set unsafe headers. |
925 if (!securityOrigin()->canLoadLocalResources() && !isAllowedHTTPHeader(name)
) { | 925 if (!isAllowedHTTPHeader(name)) { |
926 logConsoleError(scriptExecutionContext(), "Refused to set unsafe header
\"" + name + "\""); | 926 logConsoleError(scriptExecutionContext(), "Refused to set unsafe header
\"" + name + "\""); |
927 return; | 927 return; |
928 } | 928 } |
929 | 929 |
930 setRequestHeaderInternal(name, value); | 930 setRequestHeaderInternal(name, value); |
931 } | 931 } |
932 | 932 |
933 void XMLHttpRequest::setRequestHeaderInternal(const AtomicString& name, const St
ring& value) | 933 void XMLHttpRequest::setRequestHeaderInternal(const AtomicString& name, const St
ring& value) |
934 { | 934 { |
935 HTTPHeaderMap::AddResult result = m_requestHeaders.add(name, value); | 935 HTTPHeaderMap::AddResult result = m_requestHeaders.add(name, value); |
(...skipping 354 matching lines...)
1290 info.addMember(m_responseDocument, "responseDocument"); | 1290 info.addMember(m_responseDocument, "responseDocument"); |
1291 info.addMember(m_binaryResponseBuilder, "binaryResponseBuilder"); | 1291 info.addMember(m_binaryResponseBuilder, "binaryResponseBuilder"); |
1292 info.addMember(m_responseArrayBuffer, "responseArrayBuffer"); | 1292 info.addMember(m_responseArrayBuffer, "responseArrayBuffer"); |
1293 info.addMember(m_lastSendURL, "lastSendURL"); | 1293 info.addMember(m_lastSendURL, "lastSendURL"); |
1294 info.addMember(m_eventTargetData, "eventTargetData"); | 1294 info.addMember(m_eventTargetData, "eventTargetData"); |
1295 info.addMember(m_progressEventThrottle, "progressEventThrottle"); | 1295 info.addMember(m_progressEventThrottle, "progressEventThrottle"); |
1296 info.addMember(m_securityOrigin, "securityOrigin"); | 1296 info.addMember(m_securityOrigin, "securityOrigin"); |
1297 } | 1297 } |
1298 | 1298 |
1299 } // namespace WebCore | 1299 } // namespace WebCore |
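Review bot: The comment on new line 924 states the rule but not its reach: as far as this hunk shows, `setRequestHeaderInternal()` (called on line 930, defined from line 933) adds to `m_requestHeaders` without going through `isAllowedHTTPHeader()`, and nothing tells a maintainer that this path must stay unreachable with script-chosen names. I would extend the comment to something like `// Unsafe headers are refused for every origin, including ones where canLoadLocalResources() is true; setRequestHeaderInternal() skips this check and must only receive names chosen by the engine.` Because the old condition let origins with `canLoadLocalResources()` through, a regression test that calls `setRequestHeader` with a refused name from such an origin and asserts the header is absent from the request would pin the new behaviour; no test is visible on this page. The body of `setRequestHeader` begins above the hunk and `setRequestHeaderInternal` continues below it, so both are only partly visible here.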