Diffstat (limited to 'chromium/third_party/blink/renderer/core/xmlhttprequest/xml_http_request.cc')
-rw-r--r--chromium/third_party/blink/renderer/core/xmlhttprequest/xml_http_request.cc5
1 files changed, 3 insertions, 2 deletions
diff --git a/chromium/third_party/blink/renderer/core/xmlhttprequest/xml_http_request.cc b/chromium/third_party/blink/renderer/core/xmlhttprequest/xml_http_request.cc
index 69c35483a78..32b4a71dbb5 100644
--- a/chromium/third_party/blink/renderer/core/xmlhttprequest/xml_http_request.cc
+++ b/chromium/third_party/blink/renderer/core/xmlhttprequest/xml_http_request.cc
@@ -1391,9 +1391,10 @@ void XMLHttpRequest::setRequestHeader(const AtomicString& name,
return;
}
- // "5. Terminate these steps if |name| is a forbidden header name."
+ // "5. Terminate these steps if (|name|, |value|) is a forbidden request
+ // header."
// No script (privileged or not) can set unsafe headers.
- if (cors::IsForbiddenHeaderName(name)) {
+ if (cors::IsForbiddenRequestHeader(name, value)) {
LogConsoleError(GetExecutionContext(),
"Refused to set unsafe header \"" + name + "\"");
return;