Fix bug with empty header values in Headers objects with "request-no-cors" guard

https://bugs.webkit.org/show_bug.cgi?id=251936

Reviewed by Youenn Fablet.

The `canWriteHeader` function in `FetchHeaders.cpp` checks whether a header name and value are valid for the guard of a Headers object. However, for the "request-no-cors" guard, this check only applies if the combined value of that header name is not the empty string. This check is not in the fetch specification, and seems to be there because such validation is skipped for the "request-no-cors" guard when deleting a header, and in the spec this validation happens as if the combined value was the empty string. However, WebKit's implementation does not currently use this method when removing headers, and as shown here, this extra condition allows setting headers when they should not be allowed.

* LayoutTests/imported/w3c/web-platform-tests/fetch/api/request/request-headers.any-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/fetch/api/request/request-headers.any.js:
* LayoutTests/imported/w3c/web-platform-tests/fetch/api/request/request-headers.any.serviceworker-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/fetch/api/request/request-headers.any.sharedworker-expected.txt:
* LayoutTests/imported/w3c/web-platform-tests/fetch/api/request/request-headers.any.worker-expected.txt:
* Source/WebCore/Modules/fetch/FetchHeaders.cpp:
(WebCore::canWriteHeader):

Canonical link: https://commits.webkit.org/260066@main
Showing 6 changed files with 6 additions and 1 deletion.
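
A small model of the guard check described in the commit message above, added here as an illustration; it is not WebKit's code and not part of the commit. The reduced safelist test, the `skipWhenEmpty` flag, `applyWrites` and the sample header names are assumptions made for the example.

```javascript
// Model of the guard check the commit message describes; not WebKit's code.
// Header names accepted under the "request-no-cors" guard (Fetch spec list).
const NO_CORS_SAFELISTED_NAMES = new Set([
  "accept", "accept-language", "content-language", "content-type",
]);

// Reduced stand-in for "no-CORS-safelisted request-header": real engines also
// validate the value's bytes and, for content-type, its MIME type.
function isNoCorsSafelisted(name, value) {
  return NO_CORS_SAFELISTED_NAMES.has(name.toLowerCase()) && value.length <= 128;
}

// skipWhenEmpty=true models the extra condition the commit removes:
// validation only runs when the combined value is non-empty.
function canWriteHeader(name, combinedValue, skipWhenEmpty) {
  if (skipWhenEmpty && combinedValue === "") return true;
  return isNoCorsSafelisted(name, combinedValue);
}

// Applies Headers.append()-style writes and returns the resulting header map.
function applyWrites(writes, skipWhenEmpty) {
  const store = new Map();
  for (const [name, value] of writes) {
    const key = name.toLowerCase();
    const combined = store.has(key) ? `${store.get(key)}, ${value}` : value;
    if (canWriteHeader(key, combined, skipWhenEmpty)) store.set(key, combined);
  }
  return store;
}

// Constructed sample writes against a no-cors request's Headers object.
const SAMPLE_WRITES = [
  ["Accept", "text/html"], // safelisted name: allowed by both checks
  ["X-Custom", "value"],   // not safelisted: rejected by both checks
  ["X-Custom", ""],        // empty value: accepted only by the old check
  ["X-Other", ""],         // the same holds for any other name
];

const before = [...applyWrites(SAMPLE_WRITES, true).keys()];
const after = [...applyWrites(SAMPLE_WRITES, false).keys()];
console.log("old check keeps:  ", before); // accept, x-custom, x-other
console.log("fixed check keeps:", after);  // accept
```
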