LayoutTests/http/tests/xmlhttprequest/set-dangerous-headers.html sets the allowed header "AUTHORIZATION" to "foobar", the same value used for forbidden headers. When this test is run using an http server that doesn't strip out AUTHORIZATION from the response (like lighttp), the test fails because foobar is in the response. The value should be changed to a different value from the forbidden one.
Created attachment 38752 [details] Changes setting the value for AUTHORIZATION to "baz" from "foobar"
Comment on attachment 38752 [details] Changes setting the value for AUTHORIZATION to "baz" from "foobar" > + // AUTHORIZATION is no longer forbidden. See > + // http://trac.webkit.org/changeset/42314 and the associated bug for more > + // details. Set to a value other than the foobar since some http servers > + // (lighttp) do not strip this out (Apache does). I'd link to the bug, not to trac entry (Bugzilla URLs are used more often, and will hopefully be more stable in the long run). r=me
This was committed in <http://trac.webkit.org/projects/webkit/changeset/47873>.