diff options
Diffstat (limited to 'dom/xhr/tests/test_xhr_forbidden_headers.html')
-rw-r--r-- | dom/xhr/tests/test_xhr_forbidden_headers.html | 96 |
1 files changed, 96 insertions, 0 deletions
diff --git a/dom/xhr/tests/test_xhr_forbidden_headers.html b/dom/xhr/tests/test_xhr_forbidden_headers.html new file mode 100644 index 0000000000..d393544b79 --- /dev/null +++ b/dom/xhr/tests/test_xhr_forbidden_headers.html @@ -0,0 +1,96 @@ +<!DOCTYPE HTML> +<html> +<!-- +https://bugzilla.mozilla.org/show_bug.cgi?id=308484 +--> +<head> + <title>Test for Bug 308484</title> + <script src="/tests/SimpleTest/SimpleTest.js"></script> + <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" /> +</head> +<body> +<a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=308484">Mozilla Bug 308484</a> +<p id="display"></p> +<div id="content" style="display: none"> + +</div> +<pre id="test"> +<script class="testbody" type="text/javascript"> + +/** Test for Bug 308484 **/ + +var headers = [ + "aCCept-chaRset", + "acCePt-eNcoDing", + "aCcEsS-cOnTrOl-ReQuEsT-mEtHoD", + "aCcEsS-cOnTrOl-ReQuEsT-hEaDeRs", + "coNnEctIon", + "coNtEnt-LEngth", + "CoOKIe", + "cOOkiE2", + "DATE", + "dNT", + "exPeCt", + "hOSt", + "keep-alive", + "oRiGiN", + "reFERer", + "te", + "trAiLer", + "trANsfEr-eNcoDiNg", + "uPGraDe", + "viA", + "pRoxy-", + "sEc-", + "proxy-fOobar", + "sec-bAZbOx" +]; +var i, request; + +function startTest() { + // Try setting headers in unprivileged context + request = new XMLHttpRequest(); + request.open("GET", window.location.href); + for (i = 0; i < headers.length; i++) + request.setRequestHeader(headers[i], "test" + i); + request.send(); // headers aren't set on the channel until send() + + // Read out headers + channel = SpecialPowers.wrap(request).channel.QueryInterface(SpecialPowers.Ci.nsIHttpChannel); + for (i = 0; i < headers.length; i++) { + // Retrieving Content-Length will throw an exception + value = null; + try { + value = channel.getRequestHeader(headers[i]); + } + catch(e) {} + + isnot(value, "test" + i, "Setting " + headers[i] + " header in unprivileged context"); + } + + // Try setting headers in privileged context + request = new XMLHttpRequest({mozAnon: true, mozSystem: true}); + request.open("GET", window.location.href); + for (i = 0; i < headers.length; i++) + request.setRequestHeader(headers[i], `http://test${i}/`); + request.send(); // headers aren't set on the channel until send() + + // Read out headers + var channel = SpecialPowers.wrap(request).channel.QueryInterface(SpecialPowers.Ci.nsIHttpChannel); + for (i = 0; i < headers.length; i++) { + var value = channel.getRequestHeader(headers[i]); + is(value, `http://test${i}/`, "Setting " + headers[i] + " header in privileged context"); + } + + SimpleTest.finish(); +} + +SimpleTest.waitForExplicitFinish(); + +addLoadEvent(function() { + SpecialPowers.pushPermissions([{'type': 'systemXHR', 'allow': true, 'context': document}], startTest); +}); +</script> +</pre> +</body> +</html> |