RESOLVED FIXED Bug 28818
set-dangerous-headers.html shouldn't set allowed header to same value as forbidden headers 
https://bugs.webkit.org/show_bug.cgi?id=28818
Summary set-dangerous-headers.html shouldn't set allowed header to same value as forb...
Julie Parent
Reported 2009-08-28 13:47:57 PDT
LayoutTests/http/tests/xmlhttprequest/set-dangerous-headers.html sets the allowed header "AUTHORIZATION" to "foobar", the same value used for forbidden headers. When this test is run using an http server that doesn't strip out AUTHORIZATION from the response (like lighttp), the test fails because foobar is in the response. The value should be changed to a different value from the forbidden one.
Attachments
Changes setting the value for AUTHORIZATION to "baz" from "foobar" (1.87 KB, patch)
2009-08-28 13:50 PDT, Julie Parent 		ap: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Julie Parent
Comment 1 2009-08-28 13:50:54 PDT
Created attachment 38752 [details] Changes setting the value for AUTHORIZATION to "baz" from "foobar"
Alexey Proskuryakov
Comment 2 2009-08-28 13:59:23 PDT
Comment on attachment 38752 [details] Changes setting the value for AUTHORIZATION to "baz" from "foobar" > + // AUTHORIZATION is no longer forbidden. See > + // http://trac.webkit.org/changeset/42314 and the associated bug for more > + // details. Set to a value other than the foobar since some http servers > + // (lighttp) do not strip this out (Apache does). I'd link to the bug, not to trac entry (Bugzilla URLs are used more often, and will hopefully be more stable in the long run). r=me
Alexey Proskuryakov
Comment 3 2009-09-01 10:48:46 PDT
This was committed in <http://trac.webkit.org/projects/webkit/changeset/47873>.
Note You need to log in before you can comment on or make changes to this bug.