Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(6)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: LayoutTests/fast/xmlhttprequest/set-dangerous-headers-local.html

Issue 385493002: Revert of Update XMLHttpRequest forbidden header names. (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Created 6 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | LayoutTests/fast/xmlhttprequest/set-dangerous-headers-local-expected.txt » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 <html> 1 <html>
2 <body> 2 <body>
3 <p>Test that setRequestHeader cannot be used to alter security-sensitive headers 3 <p>Test that setRequestHeader cannot be used to alter security-sensitive headers
4 for file:// urls.</p> 4 for file:// urls.</p>
5 <pre id=result>FAIL: script didn't run or raised an unexpected exception.</pre> 5 <pre id=result>FAIL: script didn't run or raised an unexpected exception.</pre>
6 <script> 6 <script>
7 if (window.testRunner) 7 if (window.testRunner)
8 testRunner.dumpAsText(); 8 testRunner.dumpAsText();
9 9
10 if (window.location.href.indexOf("file://") != 0) { 10 if (window.location.href.indexOf("file://") != 0) {
11 document.getElementById("result").textContent = 11 document.getElementById("result").textContent =
12 "ERROR: Not running from file:// origin."; 12 "ERROR: Not running from file:// origin.";
13 } else { 13 } else {
14 req = new XMLHttpRequest; 14 req = new XMLHttpRequest;
15 req.open("GET", "resources/print-headers.cgi", false); 15 req.open("GET", "resources/print-headers.cgi", false);
16 16
17 req.setRequestHeader("ACCEPT-CHARSET", "foobar"); 17 req.setRequestHeader("ACCEPT-CHARSET", "foobar");
18 req.setRequestHeader("ACCEPT-ENCODING", "foobar"); 18 req.setRequestHeader("ACCEPT-ENCODING", "foobar");
19 req.setRequestHeader("ACCESS-CONTROL-REQUEST-HEADERS", "foobar"); 19 req.setRequestHeader("ACCESS-CONTROL-REQUEST-HEADERS", "foobar");
20 req.setRequestHeader("ACCESS-CONTROL-REQUEST-METHOD", "foobar"); 20 req.setRequestHeader("ACCESS-CONTROL-REQUEST-METHOD", "foobar");
21 // AUTHORIZATION is no longer forbidden. See 21 // AUTHORIZATION is no longer forbidden. See
22 // https://bugs.webkit.org/show_bug.cgi?id=24957 for more details. Set t o 22 // https://bugs.webkit.org/show_bug.cgi?id=24957 for more details. Set t o
23 // a value other than the foobar since some http servers (lighttp) do no t 23 // a value other than the foobar since some http servers (lighttp) do no t
24 // strip this out (Apache does). 24 // strip this out (Apache does).
25 req.setRequestHeader("AUTHORIZATION", "baz"); 25 req.setRequestHeader("AUTHORIZATION", "baz");
26 req.setRequestHeader("CONNECTION", "foobar"); 26 req.setRequestHeader("CONNECTION", "foobar");
27 req.setRequestHeader("CONTENT-LENGTH", "123456"); 27 req.setRequestHeader("CONTENT-LENGTH", "123456");
28 req.setRequestHeader("CONTENT-TRANSFER-ENCODING", "foobar");
28 req.setRequestHeader("COOKIE", "foobar"); 29 req.setRequestHeader("COOKIE", "foobar");
29 req.setRequestHeader("COOKIE2", "foobar"); 30 req.setRequestHeader("COOKIE2", "foobar");
30 req.setRequestHeader("DATE", "foobar"); 31 req.setRequestHeader("DATE", "foobar");
31 req.setRequestHeader("DNT", "foobar");
32 req.setRequestHeader("EXPECT", "100-continue"); 32 req.setRequestHeader("EXPECT", "100-continue");
33 req.setRequestHeader("HOST", "foobar"); 33 req.setRequestHeader("HOST", "foobar");
34 req.setRequestHeader("KEEP-ALIVE", "foobar"); 34 req.setRequestHeader("KEEP-ALIVE", "foobar");
35 req.setRequestHeader("ORIGIN", "foobar"); 35 req.setRequestHeader("ORIGIN", "foobar");
36 req.setRequestHeader("REFERER", "foobar"); 36 req.setRequestHeader("REFERER", "foobar");
37 req.setRequestHeader("TE", "foobar"); 37 req.setRequestHeader("TE", "foobar");
38 req.setRequestHeader("TRAILER", "foobar"); 38 req.setRequestHeader("TRAILER", "foobar");
39 req.setRequestHeader("TRANSFER-ENCODING", "foobar"); 39 req.setRequestHeader("TRANSFER-ENCODING", "foobar");
40 req.setRequestHeader("UPGRADE", "foobar"); 40 req.setRequestHeader("UPGRADE", "foobar");
41 req.setRequestHeader("USER-AGENT", "foobar"); 41 req.setRequestHeader("USER-AGENT", "foobar");
(...skipping 14 matching lines...) Expand all
56 req.responseText; 56 req.responseText;
57 else 57 else
58 document.getElementById("result").textContent = "SUCCESS"; 58 document.getElementById("result").textContent = "SUCCESS";
59 } catch (ex) { 59 } catch (ex) {
60 document.getElementById("result").textContent = ex; 60 document.getElementById("result").textContent = ex;
61 } 61 }
62 } 62 }
63 </script> 63 </script>
64 </body> 64 </body>
65 </html> 65 </html>
OLDNEW
« no previous file with comments | « no previous file | LayoutTests/fast/xmlhttprequest/set-dangerous-headers-local-expected.txt » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698