From 76f23fc070e4ab8f0383f864585a0493a68d9b0d Mon Sep 17 00:00:00 2001
From: Youenn Fablet <youennf@gmail.com>
Date: Wed, 12 Feb 2014 00:02:31 +0000
Subject: XMLHttpRequest should not send DNT header

https://bugs.webkit.org/show_bug.cgi?id=128533

The DNT header should be set by web engines according user preferences.
That includes all HTTP requests, including XHR requests.
Unpriviledged web apps should not be allowed to override/interfere with
user preferences.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@163915 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Change-Id: I80bed1eb13826cdb3cfade3d51297f439b5016f4
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@theqtcompany.com>
---
 Source/WebCore/xml/XMLHttpRequest.cpp | 1 +
 1 file changed, 1 insertion(+)

(limited to 'Source/WebCore/xml/XMLHttpRequest.cpp')

diff --git a/Source/WebCore/xml/XMLHttpRequest.cpp b/Source/WebCore/xml/XMLHttpRequest.cpp
index 853ec4756..e854019bc 100644
--- a/Source/WebCore/xml/XMLHttpRequest.cpp
+++ b/Source/WebCore/xml/XMLHttpRequest.cpp
@@ -104,6 +104,7 @@ XMLHttpRequestStaticData::XMLHttpRequestStaticData()
     m_forbiddenRequestHeaders.add("cookie");
     m_forbiddenRequestHeaders.add("cookie2");
     m_forbiddenRequestHeaders.add("date");
+    m_forbiddenRequestHeaders.add("dnt");
     m_forbiddenRequestHeaders.add("expect");
     m_forbiddenRequestHeaders.add("host");
     m_forbiddenRequestHeaders.add("keep-alive");
-- 
cgit v1.2.1