Index: Source/core/xml/XMLHttpRequest.cpp |
diff --git a/Source/core/xml/XMLHttpRequest.cpp b/Source/core/xml/XMLHttpRequest.cpp |
index 7ac3d25f622e78d82bc500de0708943fcbcb96b6..721eb66d658eea25e674ca40b10519df39fe5992 100644 |
--- a/Source/core/xml/XMLHttpRequest.cpp |
+++ b/Source/core/xml/XMLHttpRequest.cpp |
@@ -921,8 +921,8 @@ void XMLHttpRequest::setRequestHeader(const AtomicString& name, const String& va |
return; |
} |
- // A privileged script can set any headers. |
- if (!securityOrigin()->canLoadLocalResources() && !isAllowedHTTPHeader(name)) { |
+ // No script (privileged or not) can set unsafe headers. |
+ if (!isAllowedHTTPHeader(name)) { |
logConsoleError(scriptExecutionContext(), "Refused to set unsafe header \"" + name + "\""); |
return; |
} |
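Review bot: With the `canLoadLocalResources()` exemption removed, `isAllowedHTTPHeader(name)` is now the only check in `setRequestHeader` between script and the unsafe request headers, and the hunk shows no test for the origins that used to bypass it. A regression test that runs from an origin with local-resource access and confirms an unsafe header is refused would pin the new behaviour. Since `isAllowedHTTPHeader` is defined outside this hunk, it is worth confirming that it matches header names case-insensitively now that nothing else backs it up. The new comment could also record the reason, for example `// Unsafe headers are controlled by the user agent; no origin, including one that can load local resources, may override them.` The function body starts and ends outside the hunk, so whether embedders relied on the old privileged path cannot be judged from here.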