Diffstat (limited to 'chromium/third_party/blink/renderer/core/xmlhttprequest/xml_http_request.cc')
-rw-r--r-- | chromium/third_party/blink/renderer/core/xmlhttprequest/xml_http_request.cc | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/chromium/third_party/blink/renderer/core/xmlhttprequest/xml_http_request.cc b/chromium/third_party/blink/renderer/core/xmlhttprequest/xml_http_request.cc
index 69c35483a78..32b4a71dbb5 100644
--- a/chromium/third_party/blink/renderer/core/xmlhttprequest/xml_http_request.cc
+++ b/chromium/third_party/blink/renderer/core/xmlhttprequest/xml_http_request.cc
@@ -1391,9 +1391,10 @@ void XMLHttpRequest::setRequestHeader(const AtomicString& name,
 return;
 }
- // "5. Terminate these steps if |name| is a forbidden header name."
+ // "5. Terminate these steps if (|name|, |value|) is a forbidden request
+ // header."
 // No script (privileged or not) can set unsafe headers.
- if (cors::IsForbiddenHeaderName(name)) {
+ if (cors::IsForbiddenRequestHeader(name, value)) {
 LogConsoleError(GetExecutionContext(), "Refused to set unsafe header \"" + name + "\"");
 return; |
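Review bot: The new check `if (cors::IsForbiddenRequestHeader(name, value))` is handed the `value` parameter exactly as the caller passed it, and the hunk does not show whether that is the same string the function later stores on the request. The quoted spec steps are numbered and the earlier ones lie outside the hunk; if one of them produces a normalized copy of the value, the check should probably take that copy, so that the string being validated is the string that is sent. The console message is still `"Refused to set unsafe header \"" + name + "\""`, which does not tell a developer that the refusal may now depend on the value rather than on the name alone; a comment above the check such as `// A header can be forbidden because of its value, not only its name.` would make that explicit. setRequestHeader begins before the hunk and the `if` block closes after it.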