| <html> |
| <body> |
| <p>Test that setRequestHeader cannot be used to alter security-sensitive headers.</p> |
| <pre id=result>FAIL: script didn't run or raised an unexpected exception.</pre> |
| <script> |
| if (window.layoutTestController) |
| layoutTestController.dumpAsText(); |
| |
| req = new XMLHttpRequest; |
| req.open("GET", "resources/print-headers.cgi", false); |
| |
| req.setRequestHeader("ACCEPT-CHARSET", "foobar"); |
| req.setRequestHeader("ACCEPT-ENCODING", "foobar"); |
| req.setRequestHeader("CONNECTION", "foobar"); |
| req.setRequestHeader("CONTENT-LENGTH", "123456"); |
| req.setRequestHeader("CONTENT-TRANSFER-ENCODING", "foobar"); |
| req.setRequestHeader("DATE", "foobar"); |
| req.setRequestHeader("EXPECT", "100-continue"); |
| req.setRequestHeader("HOST", "foobar"); |
| req.setRequestHeader("KEEP-ALIVE", "foobar"); |
| req.setRequestHeader("REFERER", "foobar"); |
| req.setRequestHeader("TE", "foobar"); |
| req.setRequestHeader("TRAILER", "foobar"); |
| req.setRequestHeader("TRANSFER-ENCODING", "foobar"); |
| req.setRequestHeader("UPGRADE", "foobar"); |
| req.setRequestHeader("VIA", "foobar"); |
| |
| req.setRequestHeader("Proxy-", "foobar"); |
| req.setRequestHeader("Proxy-test", "foobar"); |
| req.setRequestHeader("PROXY-FOO", "foobar"); |
| |
| try { |
| req.send(""); |
| if (req.responseText.match("100-continue|foobar|123456")) |
| document.getElementById("result").textContent = req.responseText; |
| else |
| document.getElementById("result").textContent = "SUCCESS"; |
| } catch (ex) { |
| document.getElementById("result").textContent = ex; |
| } |
| </script> |
| </body> |
| </html> |