OLD | NEW |
---|---|
1 /* | 1 /* |
2 * Copyright (C) 2004, 2006, 2008 Apple Inc. All rights reserved. | 2 * Copyright (C) 2004, 2006, 2008 Apple Inc. All rights reserved. |
3 * Copyright (C) 2005-2007 Alexey Proskuryakov <ap@webkit.org> | 3 * Copyright (C) 2005-2007 Alexey Proskuryakov <ap@webkit.org> |
4 * Copyright (C) 2007, 2008 Julien Chaffraix <jchaffraix@webkit.org> | 4 * Copyright (C) 2007, 2008 Julien Chaffraix <jchaffraix@webkit.org> |
5 * Copyright (C) 2008, 2011 Google Inc. All rights reserved. | 5 * Copyright (C) 2008, 2011 Google Inc. All rights reserved. |
6 * Copyright (C) 2012 Intel Corporation | 6 * Copyright (C) 2012 Intel Corporation |
7 * | 7 * |
8 * This library is free software; you can redistribute it and/or | 8 * This library is free software; you can redistribute it and/or |
9 * modify it under the terms of the GNU Lesser General Public | 9 * modify it under the terms of the GNU Lesser General Public |
10 * License as published by the Free Software Foundation; either | 10 * License as published by the Free Software Foundation; either |
(...skipping 431 matching lines...)
442 return method; | 442 return method; |
443 } | 443 } |
444 | 444 |
445 bool XMLHttpRequest::isAllowedHTTPHeader(const String& name) | 445 bool XMLHttpRequest::isAllowedHTTPHeader(const String& name) |
446 { | 446 { |
447 initializeXMLHttpRequestStaticData(); | 447 initializeXMLHttpRequestStaticData(); |
448 return !staticData->m_forbiddenRequestHeaders.contains(name) && !name.starts With(staticData->m_proxyHeaderPrefix, false) | 448 return !staticData->m_forbiddenRequestHeaders.contains(name) && !name.starts With(staticData->m_proxyHeaderPrefix, false) |
449 && !name.startsWith(staticData->m_secHeaderPrefix, false); | 449 && !name.startsWith(staticData->m_secHeaderPrefix, false); |
450 } | 450 } |
451 | 451 |
452 bool XMLHttpRequest::isLocallyAllowedHTTPHeader(const String& name) | |
453 { | |
454 // Scripts that can load local resources can't set referer header. | |
455 return !equalIgnoringCase(name, "referer"); | |
abarth-chromium
2013/04/25 00:30:57
What about Host and all the other sensitive HTTP h
meacer
2013/04/25 00:34:58
Per your comment below, looks like we don't need t
abarth-chromium
2013/04/25 03:28:10
Correct.
meacer
2013/04/25 17:43:21
Done.
| |
456 } | |
457 | |
452 void XMLHttpRequest::open(const String& method, const KURL& url, ExceptionCode& ec) | 458 void XMLHttpRequest::open(const String& method, const KURL& url, ExceptionCode& ec) |
453 { | 459 { |
454 open(method, url, true, ec); | 460 open(method, url, true, ec); |
455 } | 461 } |
456 | 462 |
457 void XMLHttpRequest::open(const String& method, const KURL& url, bool async, Exc eptionCode& ec) | 463 void XMLHttpRequest::open(const String& method, const KURL& url, bool async, Exc eptionCode& ec) |
458 { | 464 { |
459 internalAbort(); | 465 internalAbort(); |
460 State previousState = m_state; | 466 State previousState = m_state; |
461 m_state = UNSENT; | 467 m_state = UNSENT; |
(...skipping 452 matching lines...)
914 if (m_state != OPENED || m_loader) { | 920 if (m_state != OPENED || m_loader) { |
915 ec = INVALID_STATE_ERR; | 921 ec = INVALID_STATE_ERR; |
916 return; | 922 return; |
917 } | 923 } |
918 | 924 |
919 if (!isValidHTTPToken(name) || !isValidHTTPHeaderValue(value)) { | 925 if (!isValidHTTPToken(name) || !isValidHTTPHeaderValue(value)) { |
920 ec = SYNTAX_ERR; | 926 ec = SYNTAX_ERR; |
921 return; | 927 return; |
922 } | 928 } |
923 | 929 |
924 // A privileged script can set any headers. | 930 // A privileged script can set any headers except for "referer". |
925 if (!securityOrigin()->canLoadLocalResources() && !isAllowedHTTPHeader(name) ) { | 931 if (!securityOrigin()->canLoadLocalResources() && !isAllowedHTTPHeader(name) ) { |
abarth-chromium
2013/04/25 00:30:57
IMHO, we should just remove canLoadLocalResources(
meacer
2013/04/25 00:34:58
So just to clarify, we'll have a single set of dis
abarth-chromium
2013/04/25 03:28:10
Correct.
meacer
2013/04/25 17:43:21
Done.
| |
926 logConsoleError(scriptExecutionContext(), "Refused to set unsafe header \"" + name + "\""); | 932 logConsoleError(scriptExecutionContext(), "Refused to set unsafe header \"" + name + "\""); |
927 return; | 933 return; |
928 } | 934 } |
929 | 935 |
936 if (securityOrigin()->canLoadLocalResources() && !isLocallyAllowedHTTPHeader (name)) { | |
937 logConsoleError(scriptExecutionContext(), "Refused to set unsafe header \"" + name + "\""); | |
938 return; | |
939 } | |
940 | |
930 setRequestHeaderInternal(name, value); | 941 setRequestHeaderInternal(name, value); |
931 } | 942 } |
932 | 943 |
933 void XMLHttpRequest::setRequestHeaderInternal(const AtomicString& name, const St ring& value) | 944 void XMLHttpRequest::setRequestHeaderInternal(const AtomicString& name, const St ring& value) |
934 { | 945 { |
935 HTTPHeaderMap::AddResult result = m_requestHeaders.add(name, value); | 946 HTTPHeaderMap::AddResult result = m_requestHeaders.add(name, value); |
936 if (!result.isNewEntry) | 947 if (!result.isNewEntry) |
937 result.iterator->value.append(", " + value); | 948 result.iterator->value.append(", " + value); |
938 } | 949 } |
939 | 950 |
(...skipping 350 matching lines...)
1290 info.addMember(m_responseDocument, "responseDocument"); | 1301 info.addMember(m_responseDocument, "responseDocument"); |
1291 info.addMember(m_binaryResponseBuilder, "binaryResponseBuilder"); | 1302 info.addMember(m_binaryResponseBuilder, "binaryResponseBuilder"); |
1292 info.addMember(m_responseArrayBuffer, "responseArrayBuffer"); | 1303 info.addMember(m_responseArrayBuffer, "responseArrayBuffer"); |
1293 info.addMember(m_lastSendURL, "lastSendURL"); | 1304 info.addMember(m_lastSendURL, "lastSendURL"); |
1294 info.addMember(m_eventTargetData, "eventTargetData"); | 1305 info.addMember(m_eventTargetData, "eventTargetData"); |
1295 info.addMember(m_progressEventThrottle, "progressEventThrottle"); | 1306 info.addMember(m_progressEventThrottle, "progressEventThrottle"); |
1296 info.addMember(m_securityOrigin, "securityOrigin"); | 1307 info.addMember(m_securityOrigin, "securityOrigin"); |
1297 } | 1308 } |
1298 | 1309 |
1299 } // namespace WebCore | 1310 } // namespace WebCore |
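Review bot: The two refusal branches in setRequestHeader (new lines 931-934 and 936-939) log the same message and each call securityOrigin()->canLoadLocalResources(), so the header policy for one request is split across two near-identical blocks. The updated comment at new line 930 also sits above the unprivileged check rather than above the block that enforces the referer exception. Folding both into one decision keeps the message and the policy in one place: `const bool privileged = securityOrigin()->canLoadLocalResources();` followed by `if (privileged ? !isLocallyAllowedHTTPHeader(name) : !isAllowedHTTPHeader(name)) {` with the existing log-and-return body. The comment in isLocallyAllowedHTTPHeader would help more if it stated the reason, presumably something like `// Receivers may use Referer for request-origin checks, so privileged scripts must not be able to forge it.` The start of setRequestHeader lies in the skipped lines, so this covers only the visible tail of the function.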