check for unsafe headers before setting header - Githubissues

browserify / http-browserify

node's http module, but for the browser

MIT License

244 stars 110 forks source link

check for unsafe headers before setting header #7

Closed nlacasse closed 12 years ago

nlacasse commented 12 years ago

Using http-browserify, my console was flooded with messages like this:

Refused to set unsafe header "Content-Length"
Refused to set unsafe header "User-Agent"

There are some "unsafe" headers that we cannot set on an XHR.

This is poorly documented, but I found Mozilla's list of unsafe headers here: http://dxr.mozilla.org/mozilla/mozilla-central/content/base/src/nsXMLHttpRequest.cpp.html

And I found Webkit's list of unsafe headers here: http://opensource.apple.com/source/WebCore/WebCore-5525.28.4/xml/XMLHttpRequest.cpp

This commit makes sure we don't call xhr.setRequestHeader on an unsafe header. I used the Mozilla list because it is a superset of the Webkit list.

nlacasse commented 12 years ago

Sorry to make this 2 commits. I moved the array initialization out of the function call, and used 4 spaces for indentation.

The commits are each a bit ugly, but the total diff is clean.