Left: | ||
Right: |
OLD | NEW |
---|---|
1 /* | 1 /* |
2 * This file is part of Adblock Plus <https://adblockplus.org/>, | 2 * This file is part of Adblock Plus <https://adblockplus.org/>, |
3 * Copyright (C) 2006-2016 Eyeo GmbH | 3 * Copyright (C) 2006-2016 Eyeo GmbH |
4 * | 4 * |
5 * Adblock Plus is free software: you can redistribute it and/or modify | 5 * Adblock Plus is free software: you can redistribute it and/or modify |
6 * it under the terms of the GNU General Public License version 3 as | 6 * it under the terms of the GNU General Public License version 3 as |
7 * published by the Free Software Foundation. | 7 * published by the Free Software Foundation. |
8 * | 8 * |
9 * Adblock Plus is distributed in the hope that it will be useful, | 9 * Adblock Plus is distributed in the hope that it will be useful, |
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of | 10 * but WITHOUT ANY WARRANTY; without even the implied warranty of |
(...skipping 279 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
290 _requestHeaders: null, | 290 _requestHeaders: null, |
291 _responseHeaders: null, | 291 _responseHeaders: null, |
292 _loadHandlers: null, | 292 _loadHandlers: null, |
293 _errorHandlers: null, | 293 _errorHandlers: null, |
294 onload: null, | 294 onload: null, |
295 onerror: null, | 295 onerror: null, |
296 status: 0, | 296 status: 0, |
297 readyState: 0, | 297 readyState: 0, |
298 responseText: null, | 298 responseText: null, |
299 | 299 |
300 // list taken from https://developer.mozilla.org/en-US/docs/Glossary/Forbidden _header_name | |
301 _forbiddenRequestHeaders: { | |
302 "accept-charset": true, | |
Felix Dahlke
2017/03/03 08:33:05
The v8 version we use should support Set [1], it s
hub
2017/03/03 13:44:16
It seems not
C++ exception with description "Refer
| |
303 "accept-encoding": true, | |
304 "access-control-request-headers": true, | |
305 "access-control-request-method": true, | |
306 "connection": true, | |
307 "content-length": true, | |
308 "cookie": true, | |
309 "cookie2": true, | |
310 "date": true, | |
311 "dnt": true, | |
312 "expect": true, | |
313 "host": true, | |
314 "keep-alive": true, | |
315 "origin": true, | |
316 "referer": true, | |
317 "te": true, | |
318 "trailer": true, | |
319 "transfer-encoding": true, | |
320 "upgrade": true, | |
321 "via": true, | |
322 }, | |
323 _forbiddenRequestHeadersRe: new RegExp("^(Proxy|Sec)-", "i"), | |
324 | |
325 _isRequestHeaderAllowed: function(header) | |
326 { | |
327 if (this._forbiddenRequestHeaders.hasOwnProperty(header.toLowerCase())) { | |
Felix Dahlke
2017/03/03 08:33:05
Nit: Opening braces go on their own line where pos
hub
2017/03/03 13:44:16
Acknowledged.
| |
328 return false; | |
329 } | |
330 if (header.match(this._forbiddenRequestHeadersRe)) { | |
331 return false; | |
332 } | |
333 return true; | |
334 }, | |
335 | |
300 addEventListener: function(eventName, handler, capture) | 336 addEventListener: function(eventName, handler, capture) |
301 { | 337 { |
302 var list; | 338 var list; |
303 if (eventName == "load") | 339 if (eventName == "load") |
304 list = this._loadHandlers; | 340 list = this._loadHandlers; |
305 else if (eventName == "error") | 341 else if (eventName == "error") |
306 list = this._errorHandlers; | 342 list = this._errorHandlers; |
307 else | 343 else |
308 throw new Error("Event type " + eventName + " not supported"); | 344 throw new Error("Event type " + eventName + " not supported"); |
309 | 345 |
(...skipping 63 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
373 | 409 |
374 overrideMimeType: function(mime) | 410 overrideMimeType: function(mime) |
375 { | 411 { |
376 }, | 412 }, |
377 | 413 |
378 setRequestHeader: function(name, value) | 414 setRequestHeader: function(name, value) |
379 { | 415 { |
380 if (this.readyState > 1) | 416 if (this.readyState > 1) |
381 throw new Error("Cannot set request header after sending"); | 417 throw new Error("Cannot set request header after sending"); |
382 | 418 |
383 this._requestHeaders[name] = value; | 419 if (this._isRequestHeaderAllowed(name)) { |
420 this._requestHeaders[name] = value; | |
421 } else { | |
422 console.warn("Attempt to set a forbidden header was denied: " + name); | |
423 } | |
384 }, | 424 }, |
385 | 425 |
386 getResponseHeader: function(name) | 426 getResponseHeader: function(name) |
387 { | 427 { |
388 name = name.toLowerCase(); | 428 name = name.toLowerCase(); |
389 if (!this._responseHeaders || !this._responseHeaders.hasOwnProperty(name)) | 429 if (!this._responseHeaders || !this._responseHeaders.hasOwnProperty(name)) |
390 return null; | 430 return null; |
391 else | 431 else |
392 return this._responseHeaders[name]; | 432 return this._responseHeaders[name]; |
393 }, | 433 }, |
394 | 434 |
395 channel: | 435 channel: |
396 { | 436 { |
397 status: -1, | 437 status: -1, |
398 notificationCallbacks: {}, | 438 notificationCallbacks: {}, |
399 loadFlags: 0, | 439 loadFlags: 0, |
400 INHIBIT_CACHING: 0, | 440 INHIBIT_CACHING: 0, |
401 VALIDATE_ALWAYS: 0, | 441 VALIDATE_ALWAYS: 0, |
402 QueryInterface: function() | 442 QueryInterface: function() |
403 { | 443 { |
404 return this; | 444 return this; |
405 } | 445 } |
406 } | 446 } |
407 }; | 447 }; |
OLD | NEW |