[webkit-reviews] review granted: [Bug 177829] XMLHttpRequest.setRequestHeader() should allow Content-Transfer-Encoding header; remove duplicate logic to check for a forbidden XHR header field : [Attachment 322561] Patch
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Oct 3 12:53:43 PDT 2017
Alexey Proskuryakov <ap at webkit.org> has granted Daniel Bates
<dbates at webkit.org>'s request for review:
Bug 177829: XMLHttpRequest.setRequestHeader() should allow
Content-Transfer-Encoding header; remove duplicate logic to check for a
forbidden XHR header field
https://bugs.webkit.org/show_bug.cgi?id=177829
Attachment 322561: Patch
https://bugs.webkit.org/attachment.cgi?id=322561&action=review
--- Comment #2 from Alexey Proskuryakov <ap at webkit.org> ---
Comment on attachment 322561
--> https://bugs.webkit.org/attachment.cgi?id=322561
Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=322561&action=review
> LayoutTests/fast/xmlhttprequest/set-dangerous-headers-in-dashboard.html:26
> + // CONTENT-TRANSFER-ENCODING is no longer forbidden since
<https://www.w3.org/TR/2012/WD-XMLHttpRequest-20121206/>.
> req.setRequestHeader("CONTENT-TRANSFER-ENCODING", "foobar");
It is strange to keep this header filed name tested here - we don't test other
safe names in these tests. It would be cleaner to remove it from these tests,
and to add a new one for this fix.
This is a suggested change, not a condition for r+.
More information about the webkit-reviews
mailing list