Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(282)

Side by Side Diff: LayoutTests/fast/xmlhttprequest/set-dangerous-headers-local.html

Issue 13979011: Block all scripts from setting unsafe headers in XMLHttpRequest (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Fix line width. Created 7 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
OLDNEW
(Empty)
1 <html>
2 <body>
3 <p>Test that setRequestHeader cannot be used to alter security-sensitive headers
4 for file:// urls.</p>
5 <pre id=result>FAIL: script didn't run or raised an unexpected exception.</pre>
6
7 <script>
8
9 if (window.testRunner)
10 testRunner.dumpAsText();
11
12 if (window.location.href.indexOf("file://") != 0) {
13 document.getElementById("result").textContent =
14 "ERROR: Not running from file:// origin.";
15 } else {
16 req = new XMLHttpRequest;
17 req.open("GET", "resources/print-headers.cgi", false);
18
19 req.setRequestHeader("REFERER", "foobar");
20
21 try {
22 req.send("");
23 if (req.responseText.match("100-continue|foobar|123456"))
24 document.getElementById("result").textContent =
25 req.responseText;
26 else
27 document.getElementById("result").textContent = "SUCCESS";
28 } catch (ex) {
29 document.getElementById("result").textContent = ex;
30 }
31 }
32 </script>
33 </body>
34 </html>
OLDNEW

Powered by Google App Engine
This is Rietveld 408576698