[Webkit-unassigned] [Bug 179475] New: [SOUP] Case of request headers depends on global state in libsoup

Thu Nov 9 05:09:35 PST 2017

https://bugs.webkit.org/show_bug.cgi?id=179475

            Bug ID: 179475
           Summary: [SOUP] Case of request headers depends on global state
                    in libsoup
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKit Gtk
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: Ms2ger at igalia.com
                CC: bugs-noreply at webkitgtk.org

http://w3c-test.org/fetch/api/basic/request-headers-case.any.html

soup_message_headers_append interns the header name case-insensitively, and always uses the casing it got in the first call. This means that

fetch("..", {headers: [["TEST", 1]] })
fetch("..", {headers: [["test", 1]] })

will the same header name twice. The name might be "TEST", or it might be any other casing which any other web page has used during the runtime of the browser.

This also provides a way of cross-origin communication: if a web page A uses a sufficiently unique header name in a particular casing, another web page B can check if page A was loaded before page B by checking what happens when using the header name in a different casing.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20171109/79865f69/attachment.html>