Following the fix for bug #177824, <https://trac.webkit.org/changeset/r222795/>, WebKit disallows all documents from setting arbitrary XHR headers and this broke Cardiogram on iOS. Prior to bug #177824 documents that could load local resources (e.g. file URLs) were allowed to set arbitrary XHR headers. Cardiogram depends on this privilege to set the XHR header Cookie, a forbidden header per the XHR spec [1]. We should add a compatibility fix for Cardiogram to avoid app breakage and allow the developers of Cardiogram time to update their app. [1] <https://fetch.spec.whatwg.org/#forbidden-header-name> (13 January 2018)
<rdar://problem/36286293>
Created attachment 331425 [details] Patch and layout test
Comment on attachment 331425 [details] Patch and layout test View in context: https://bugs.webkit.org/attachment.cgi?id=331425&action=review > Source/WebCore/ChangeLog:3143 > -2018-01-08 Zalan Bujtas <zalan@apple.com> > +2018-01-16 Daniel Bates <dabates@apple.com> Please fix the change log.
Committed r227075: <https://trac.webkit.org/changeset/227075>