fixes bug 308484 "Extensions can't set Content-Length header for XMLHttpRequest" r=dveditz sr=jst

extensions/xmlextras/base/src/nsXMLHttpRequest.cpp

@@ -1631,7 +1631,21 @@ nsXMLHttpRequest::SetRequestHeader(const nsACString& header,
   if (!mChannel)             // open() initializes mChannel, and open()
     return NS_ERROR_FAILURE; // must be called before first setRequestHeader()
 
-  // Prevent modification to certain HTTP headers (see bug 302263):
+  // Prevent modification to certain HTTP headers (see bug 302263), unless
+  // the executing script has UniversalBrowserWrite permission.
+
+  nsCOMPtr<nsIScriptSecurityManager> secMan = 
+      do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID);
+  if (!secMan)
+    return NS_ERROR_FAILURE;
+
+  PRBool privileged;
+  nsresult rv = secMan->IsCapabilityEnabled("UniversalBrowserWrite",
+                                            &privileged);
+  if (NS_FAILED(rv))
+    return NS_ERROR_FAILURE;
+
+  if (!privileged) {
     const char *kInvalidHeaders[] = {
       "host", "content-length", "transfer-encoding", "via", "upgrade"
     };
@@ -1641,6 +1655,7 @@ nsXMLHttpRequest::SetRequestHeader(const nsACString& header,
         return NS_OK;
       }
     }
+  }
 
   nsCOMPtr<nsIHttpChannel> httpChannel(do_QueryInterface(mChannel));