|Summary:||set-dangerous-headers.html shouldn't set allowed header to same value as forbidden headers|
|Product:||WebKit||Reporter:||Julie Parent <jparent>|
|Component:||Tools / Tests||Assignee:||Julie Parent <jparent>|
|Version:||528+ (Nightly build)|
|OS:||OS X 10.5|
Description Julie Parent 2009-08-28 13:47:57 PDT
LayoutTests/http/tests/xmlhttprequest/set-dangerous-headers.html sets the allowed header "AUTHORIZATION" to "foobar", the same value used for forbidden headers. When this test is run using an http server that doesn't strip out AUTHORIZATION from the response (like lighttp), the test fails because foobar is in the response. The value should be changed to a different value from the forbidden one.
Comment 1 Julie Parent 2009-08-28 13:50:54 PDT
Created attachment 38752 [details] Changes setting the value for AUTHORIZATION to "baz" from "foobar"
Comment 2 Alexey Proskuryakov 2009-08-28 13:59:23 PDT
Comment on attachment 38752 [details] Changes setting the value for AUTHORIZATION to "baz" from "foobar" > + // AUTHORIZATION is no longer forbidden. See > + // http://trac.webkit.org/changeset/42314 and the associated bug for more > + // details. Set to a value other than the foobar since some http servers > + // (lighttp) do not strip this out (Apache does). I'd link to the bug, not to trac entry (Bugzilla URLs are used more often, and will hopefully be more stable in the long run). r=me
Comment 3 Alexey Proskuryakov 2009-09-01 10:48:46 PDT
This was committed in <http://trac.webkit.org/projects/webkit/changeset/47873>.