[Pkg-javascript-commits] [node-stream-http] 57/208: Hide warnings for unsafe headers
Bastien Roucariès
rouca at moszumanska.debian.org
Sun Aug 13 13:39:29 UTC 2017
This is an automated email from the git hooks/post-receive script.
rouca pushed a commit to branch master
in repository node-stream-http.
commit 916ab55402411a65ca8a28be0b66fb8cb2569673
Author: John Hiesey <john at hiesey.com>
Date: Sun Jul 12 21:25:08 2015 -0700
Hide warnings for unsafe headers
---
lib/request.js | 37 +++++++++++++++++++++++++++++++++++--
lib/response.js | 2 +-
package.json | 1 +
3 files changed, 37 insertions(+), 3 deletions(-)
diff --git a/lib/request.js b/lib/request.js
index 25de62f..8bb5463 100644
--- a/lib/request.js
+++ b/lib/request.js
@@ -1,10 +1,11 @@
// var Base64 = require('Base64')
var capability = require('./capability')
var foreach = require('foreach')
+var indexOf = require('indexof')
+var inherits = require('inherits')
var keys = require('object-keys')
var response = require('./response')
var stream = require('stream')
-var inherits = require('inherits')
var IncomingMessage = response.IncomingMessage
var rStates = response.readyStates
@@ -63,7 +64,14 @@ inherits(ClientRequest, stream.Writable)
ClientRequest.prototype.setHeader = function (name, value) {
var self = this
- self._headers[name.toLowerCase()] = {
+ var lowerName = name.toLowerCase()
+ // This check is not necessary, but it prevents warnings from browsers about setting unsafe
+ // headers. To be honest I'm not entirely sure hiding these warnings is a good thing, but
+ // http-browserify did it, so I will too.
+ if (indexOf(unsafeHeaders, lowerName) !== -1)
+ return
+
+ self._headers[lowerName] = {
name: name,
value: value
}
@@ -234,3 +242,28 @@ ClientRequest.prototype.flushHeaders = function () {}
ClientRequest.prototype.setTimeout = function () {}
ClientRequest.prototype.setNoDelay = function () {}
ClientRequest.prototype.setSocketKeepAlive = function () {}
+
+// Taken from http://www.w3.org/TR/XMLHttpRequest/#the-setrequestheader%28%29-method
+var unsafeHeaders = [
+ 'accept-charset',
+ 'accept-encoding',
+ 'access-control-request-headers',
+ 'access-control-request-method',
+ 'connection',
+ 'content-length',
+ 'cookie',
+ 'cookie2',
+ 'date',
+ 'dnt',
+ 'expect',
+ 'host',
+ 'keep-alive',
+ 'origin',
+ 'referer',
+ 'te',
+ 'trailer',
+ 'transfer-encoding',
+ 'upgrade',
+ 'user-agent',
+ 'via'
+];
diff --git a/lib/response.js b/lib/response.js
index 2be9105..1252f20 100644
--- a/lib/response.js
+++ b/lib/response.js
@@ -1,7 +1,7 @@
var capability = require('./capability')
var foreach = require('foreach')
-var stream = require('stream')
var inherits = require('inherits')
+var stream = require('stream')
var rStates = exports.readyStates = {
UNSENT: 0,
diff --git a/package.json b/package.json
index cb70b56..faf41cc 100644
--- a/package.json
+++ b/package.json
@@ -18,6 +18,7 @@
"dependencies": {
"builtin-status-codes": "~1.0.0",
"foreach": "^2.0.5",
+ "indexof": "0.0.1",
"inherits": "^2.0.1",
"object-keys": "1.0.4",
"xtend": "^4.0.0"
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-javascript/node-stream-http.git
More information about the Pkg-javascript-commits
mailing list