Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(206)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/set-dangerous-headers.html

Issue 2254693002: Delay generation of User-Agent header to URLRequestHttpJob and accept custom User-Agent from XHR/Fe… Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: a Created 4 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« net/url_request/url_request_http_job.cc ('K') | « third_party/WebKit/LayoutTests/http/tests/serviceworker/resources/fetch-request-xhr-iframe.html ('k') | third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/set-dangerous-headers-expected.txt » ('j') | third_party/WebKit/Source/platform/network/ResourceRequest.h » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 <html> 1 <html>
2 <body> 2 <body>
3 <p>Test that setRequestHeader cannot be used to alter security-sensitive headers .</p> 3 <p>Test that setRequestHeader cannot be used to alter security-sensitive headers .</p>
4 <pre id=result>FAIL: script didn't run or raised an unexpected exception.</pre> 4 <pre id=result>FAIL: script didn't run or raised an unexpected exception.</pre>
5 <script> 5 <script>
6 if (window.testRunner) 6 if (window.testRunner)
7 testRunner.dumpAsText(); 7 testRunner.dumpAsText();
8 8
9 req = new XMLHttpRequest; 9 req = new XMLHttpRequest;
10 req.open("GET", "resources/print-headers.cgi", false); 10 req.open("GET", "resources/print-headers.cgi", false);
11 11
12 req.setRequestHeader("ACCEPT-CHARSET", "foobar"); 12 req.setRequestHeader("ACCEPT-CHARSET", "foobar");
13 req.setRequestHeader("ACCEPT-ENCODING", "foobar"); 13 req.setRequestHeader("ACCEPT-ENCODING", "foobar");
14 req.setRequestHeader("ACCESS-CONTROL-REQUEST-HEADERS", "foobar"); 14 req.setRequestHeader("ACCESS-CONTROL-REQUEST-HEADERS", "foobar");
15 req.setRequestHeader("ACCESS-CONTROL-REQUEST-METHOD", "foobar"); 15 req.setRequestHeader("ACCESS-CONTROL-REQUEST-METHOD", "foobar");
16 // AUTHORIZATION is no longer forbidden. See
17 // https://bugs.webkit.org/show_bug.cgi?id=24957 for more details. Set to
18 // a value other than the foobar since some http servers (lighttp) do not
19 // strip this out (Apache does).
20 req.setRequestHeader("AUTHORIZATION", "baz");
21 req.setRequestHeader("CONNECTION", "foobar"); 16 req.setRequestHeader("CONNECTION", "foobar");
22 req.setRequestHeader("CONTENT-LENGTH", "123456"); 17 req.setRequestHeader("CONTENT-LENGTH", "123456");
23 req.setRequestHeader("COOKIE", "foobar"); 18 req.setRequestHeader("COOKIE", "foobar");
24 req.setRequestHeader("COOKIE2", "foobar"); 19 req.setRequestHeader("COOKIE2", "foobar");
25 req.setRequestHeader("DATE", "foobar"); 20 req.setRequestHeader("DATE", "foobar");
26 req.setRequestHeader("DNT", "foobar"); 21 req.setRequestHeader("DNT", "foobar");
27 req.setRequestHeader("EXPECT", "100-continue"); 22 req.setRequestHeader("EXPECT", "100-continue");
28 req.setRequestHeader("HOST", "foobar"); 23 req.setRequestHeader("HOST", "foobar");
29 req.setRequestHeader("KEEP-ALIVE", "foobar"); 24 req.setRequestHeader("KEEP-ALIVE", "foobar");
30 req.setRequestHeader("ORIGIN", "foobar"); 25 req.setRequestHeader("ORIGIN", "foobar");
31 req.setRequestHeader("REFERER", "foobar"); 26 req.setRequestHeader("REFERER", "foobar");
32 req.setRequestHeader("TE", "foobar"); 27 req.setRequestHeader("TE", "foobar");
33 req.setRequestHeader("TRAILER", "foobar"); 28 req.setRequestHeader("TRAILER", "foobar");
34 req.setRequestHeader("TRANSFER-ENCODING", "foobar"); 29 req.setRequestHeader("TRANSFER-ENCODING", "foobar");
35 req.setRequestHeader("UPGRADE", "foobar"); 30 req.setRequestHeader("UPGRADE", "foobar");
36 req.setRequestHeader("USER-AGENT", "foobar");
37 req.setRequestHeader("VIA", "foobar"); 31 req.setRequestHeader("VIA", "foobar");
38 32
39 req.setRequestHeader("Proxy-", "foobar"); 33 req.setRequestHeader("Proxy-", "foobar");
40 req.setRequestHeader("Proxy-test", "foobar"); 34 req.setRequestHeader("Proxy-test", "foobar");
41 req.setRequestHeader("PROXY-FOO", "foobar"); 35 req.setRequestHeader("PROXY-FOO", "foobar");
42 36
43 req.setRequestHeader("Sec-", "foobar"); 37 req.setRequestHeader("Sec-", "foobar");
44 req.setRequestHeader("Sec-test", "foobar"); 38 req.setRequestHeader("Sec-test", "foobar");
45 req.setRequestHeader("SEC-FOO", "foobar"); 39 req.setRequestHeader("SEC-FOO", "foobar");
46 40
47 try { 41 try {
48 req.send(""); 42 req.send();
49 if (req.responseText.match("100-continue|foobar|123456")) 43 if (req.responseText.match("100-continue|foobar|123456"))
50 document.getElementById("result").textContent = req.responseText; 44 document.getElementById("result").textContent = req.responseText;
51 else 45 else
52 document.getElementById("result").textContent = "SUCCESS"; 46 document.getElementById("result").textContent = "SUCCESS";
53 } catch (ex) { 47 } catch (ex) {
54 document.getElementById("result").textContent = ex; 48 document.getElementById("result").textContent = ex;
55 } 49 }
56 </script> 50 </script>
57 </body> 51 </body>
58 </html> 52 </html>
OLDNEW
« net/url_request/url_request_http_job.cc ('K') | « third_party/WebKit/LayoutTests/http/tests/serviceworker/resources/fetch-request-xhr-iframe.html ('k') | third_party/WebKit/LayoutTests/http/tests/xmlhttprequest/set-dangerous-headers-expected.txt » ('j') | third_party/WebKit/Source/platform/network/ResourceRequest.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698