[webkit-reviews] review granted: [Bug 177829] XMLHttpRequest.setRequestHeader() should allow Content-Transfer-Encoding header; remove duplicate logic to check for a forbidden XHR header field : [Attachment 322561] Patch

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Oct 3 12:53:43 PDT 2017


Alexey Proskuryakov <ap at webkit.org> has granted Daniel Bates
<dbates at webkit.org>'s request for review:
Bug 177829: XMLHttpRequest.setRequestHeader() should allow
Content-Transfer-Encoding header; remove duplicate logic to check for a
forbidden XHR header field
https://bugs.webkit.org/show_bug.cgi?id=177829

Attachment 322561: Patch

https://bugs.webkit.org/attachment.cgi?id=322561&action=review




--- Comment #2 from Alexey Proskuryakov <ap at webkit.org> ---
Comment on attachment 322561
  --> https://bugs.webkit.org/attachment.cgi?id=322561
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=322561&action=review

> LayoutTests/fast/xmlhttprequest/set-dangerous-headers-in-dashboard.html:26
> +    // CONTENT-TRANSFER-ENCODING is no longer forbidden since
<https://www.w3.org/TR/2012/WD-XMLHttpRequest-20121206/>.
>      req.setRequestHeader("CONTENT-TRANSFER-ENCODING", "foobar");

It is strange to keep this header filed name tested here - we don't test other
safe names in these tests. It would be cleaner to remove it from these tests,
and to add a new one for this fix.

This is a suggested change, not a condition for r+.


More information about the webkit-reviews mailing list