Bug 18616

Summary:

Update XMLHttpRequest blocked header list

Product:

WebKit

Reporter:

Adam Barth <abarth>

Component:

XML

Assignee:

Nobody <webkit-unassigned>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

collinj, mrowe, sam

Priority:

Version:

528+ (Nightly build)

Hardware:

All

OS:

All

Attachments:

Description	Flags
First pass at a patch	sam: review+

Adam Barth

Reported 2008-04-18 22:34:34 PDT

The XMLHttpRequest spec <http://www.w3.org/TR/XMLHttpRequest/> was recently updated to block more dangerous headers. We should update our implementation to block them as well. I have a patch in my local tree. I'll upload it shortly.

Attachments
First pass at a patch (3.46 KB, patch) 2008-04-18 22:39 PDT, Adam Barth	sam: review+	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Adam Barth

Comment 1 2008-04-18 22:39:23 PDT

Created attachment 20684 [details] First pass at a patch Here's a first pass at a patch. My tree is having issues at the moment, so I haven't been able to test this yet. I should be able to test it in the next couple of days.

Adam Barth

Comment 2 2008-04-20 14:56:36 PDT

Comment on attachment 20684 [details] First pass at a patch Collin ran the tests and they pass.

Mark Rowe (bdash)

Comment 3 2008-04-24 17:50:38 PDT

Landed in r32526.

Note You need to log in before you can comment on or make changes to this bug.