Bug 28818

Summary:

set-dangerous-headers.html shouldn't set allowed header to same value as forbidden headers

Product:

WebKit

Reporter:

Julie Parent <jparent>

Component:

Tools / Tests

Assignee:

Julie Parent <jparent>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

Priority:

Version:

528+ (Nightly build)

Hardware:

OS:

OS X 10.5

Attachments:

Description	Flags
Changes setting the value for AUTHORIZATION to "baz" from "foobar"	ap: review+

Description Julie Parent 2009-08-28 13:47:57 PDT

LayoutTests/http/tests/xmlhttprequest/set-dangerous-headers.html sets the allowed header "AUTHORIZATION" to "foobar", the same value used for forbidden headers.  When this test is run using an http server that doesn't strip out AUTHORIZATION from the response (like lighttp), the test fails because foobar is in the response.  The value should be changed to a different value from the forbidden one.

Comment 1 Julie Parent 2009-08-28 13:50:54 PDT

Created attachment 38752 [details]
Changes setting the value for AUTHORIZATION to "baz" from "foobar"

Comment 2 Alexey Proskuryakov 2009-08-28 13:59:23 PDT

Comment on attachment 38752 [details]
Changes setting the value for AUTHORIZATION to "baz" from "foobar"

> +    // AUTHORIZATION is no longer forbidden. See
> +    // http://trac.webkit.org/changeset/42314 and the associated bug for more
> +    // details. Set to a value other than the foobar since some http servers
> +    // (lighttp) do not strip this out (Apache does).

I'd link to the bug, not to trac entry (Bugzilla URLs are used more often, and will hopefully be more stable in the long run).

r=me

Comment 3 Alexey Proskuryakov 2009-09-01 10:48:46 PDT

This was committed in <http://trac.webkit.org/projects/webkit/changeset/47873>.