[webkit-reviews] review granted: [Bug 28818] set-dangerous-headers.html shouldn't set allowed header to same value as forbidden headers : [Attachment 38752] Changes setting the value for AUTHORIZATION to "baz" from "foobar"

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Aug 28 13:59:23 PDT 2009


Alexey Proskuryakov <ap at webkit.org> has granted Julie Parent
<jparent at google.com>'s request for review:
Bug 28818: set-dangerous-headers.html shouldn't set allowed header to same
value as forbidden headers
https://bugs.webkit.org/show_bug.cgi?id=28818

Attachment 38752: Changes setting the value for AUTHORIZATION to "baz" from
"foobar"
https://bugs.webkit.org/attachment.cgi?id=38752&action=review

------- Additional Comments from Alexey Proskuryakov <ap at webkit.org>
> +    // AUTHORIZATION is no longer forbidden. See
> +    // http://trac.webkit.org/changeset/42314 and the associated bug for
more
> +    // details. Set to a value other than the foobar since some http servers

> +    // (lighttp) do not strip this out (Apache does).

I'd link to the bug, not to trac entry (Bugzilla URLs are used more often, and
will hopefully be more stable in the long run).

r=me


More information about the webkit-reviews mailing list