Opened 3 years ago

Closed 3 years ago

#4951 closed change (fixed)

Reject forbidden headers in XHR requests

Reported by: hfiguiere Assignee: hfiguiere
Priority: P3 Milestone:
Module: Libadblockplus Keywords:
Cc: sergz Blocked By:
Blocking: Platform: Unknown / Cross platform
Ready: yes Confidential: no
Tester: Unknown Verified working: no
Review URL(s):

https://codereview.adblockplus.org/29377825

Description

This is split off from #4916.

We might want to reject Accept-Encoding and the other headers that cannot be set in XMLHttpRequest according to the spec: https://www.w3.org/TR/2009/WD-XMLHttpRequest-20091119/#the-setrequestheader-method
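
The check proposed in this ticket, sketched in C++ as an added example (it is not libadblockplus code and not the patch that landed). The function and type names are hypothetical; the header list and the `Proxy-`/`Sec-` prefix rule follow the setRequestHeader() section of the working draft linked above, and the sample headers in the test are constructed.

```cpp
// Added example, not libadblockplus code. All names are hypothetical.
#include <algorithm>
#include <array>
#include <string>
#include <utility>
#include <vector>

typedef std::vector<std::pair<std::string, std::string>> HeaderList;

// Locale-independent ASCII lower-casing: header names are ASCII tokens, and
// std::tolower would make the comparison depend on the process locale.
static std::string ToLowerAscii(std::string s)
{
  for (char& c : s)
    if (c >= 'A' && c <= 'Z')
      c = static_cast<char>(c - 'A' + 'a');
  return s;
}

// True when a script-supplied request header must not be honoured.
bool IsForbiddenRequestHeader(const std::string& name)
{
  static const std::array<const char*, 18> forbidden = {{
    "accept-charset", "accept-encoding", "connection", "content-length",
    "cookie", "cookie2", "content-transfer-encoding", "date", "expect",
    "host", "keep-alive", "referer", "te", "trailer", "transfer-encoding",
    "upgrade", "user-agent", "via"}};
  const std::string lower = ToLowerAscii(name);
  if (std::find(forbidden.begin(), forbidden.end(), lower) != forbidden.end())
    return true;
  // Prefix rule: anything starting with "proxy-" or "sec-", including the
  // bare prefix itself.
  return lower.compare(0, 6, "proxy-") == 0 || lower.compare(0, 4, "sec-") == 0;
}

// Drops forbidden headers and keeps the rest in their original order, so the
// transport layer stays in control of framing, encoding and identity headers.
HeaderList FilterRequestHeaders(const HeaderList& requested)
{
  HeaderList allowed;
  for (const auto& header : requested)
    if (!IsForbiddenRequestHeader(header.first))
      allowed.push_back(header);
  return allowed;
}
```
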

Change History (9)

comment:1 Changed 3 years ago by hfiguiere

  • Review URL(s) modified (diff)
  • Status changed from new to reviewing

comment:2 Changed 3 years ago by sergz

  • Cc sergz added

comment:3 Changed 3 years ago by hfiguiere

  • Ready set

comment:4 Changed 3 years ago by hfiguiere

  • Type changed from defect to change

comment:5 Changed 3 years ago by abpbot

A commit referencing this issue has landed:
Issue 4951 - Restrict request headers in XMLHttpRequest.

comment:6 Changed 3 years ago by hfiguiere

  • Blocked By 4916 removed
  • Resolution set to fixed
  • Status changed from reviewing to closed

comment:7 Changed 3 years ago by hfiguiere

  • Resolution fixed deleted
  • Status changed from closed to reopened

(I have a small followup patch)

comment:8 Changed 3 years ago by hfiguiere

  • Review URL(s) modified (diff)

comment:9 Changed 3 years ago by hfiguiere

  • Resolution set to fixed
  • Review URL(s) modified (diff)
  • Status changed from reopened to closed

followup patch won't be assigned to the issue.
