Opened on 03/03/2017 at 01:42:16 PM
Closed on 03/13/2017 at 07:31:58 PM
#4951 closed change (fixed)
Reject forbidden headers in XHR requests
| Reported by: | hfiguiere | Assignee: | hfiguiere |
|---|---|---|---|
| Priority: | P3 | Milestone: | |
| Module: | Libadblockplus | Keywords: | |
| Cc: | sergz | Blocked By: | |
| Blocking: | Platform: | Unknown / Cross platform | |
| Ready: | yes | Confidential: | no |
| Tester: | Unknown | Verified working: | no |
| Review URL(s): | |||
Description
This is split off #4916
We might want to reject Accept-Encoding and the other headers that cannot be set in XMLHttpRequest according to the spec: https://www.w3.org/TR/2009/WD-XMLHttpRequest-20091119/#the-setrequestheader-method
Attachments (0)
Change History (9)
comment:1 Changed on 03/03/2017 at 01:42:57 PM by hfiguiere
- Review URL(s) modified (diff)
- Status changed from new to reviewing
comment:2 Changed on 03/03/2017 at 01:48:25 PM by sergz
- Cc sergz added
comment:3 Changed on 03/03/2017 at 07:09:01 PM by hfiguiere
- Ready set
comment:4 Changed on 03/03/2017 at 08:19:36 PM by hfiguiere
- Type changed from defect to change
comment:5 Changed on 03/09/2017 at 04:43:06 PM by abpbot
comment:6 Changed on 03/09/2017 at 04:49:48 PM by hfiguiere
- Blocked By 4916 removed
- Resolution set to fixed
- Status changed from reviewing to closed
comment:7 Changed on 03/13/2017 at 02:13:04 PM by hfiguiere
- Resolution fixed deleted
- Status changed from closed to reopened
(I have a small followup patch)
Note: See
TracTickets for help on using
tickets.
A commit referencing this issue has landed:
Issue 4951 - Restrict request headers in XMLHttpRequest.