From 57fcc263fde98c9758415673a59c9b2e8d44bc1e Mon Sep 17 00:00:00 2001
From: Kyle Huey
Date: Mon, 15 Nov 2010 06:55:30 -0500
Subject: [PATCH] Bug 602482: Update XHR forbidden headers to latest spec. r=sicking a=b:betaN
--HG--
rename : content/base/test/test_bug308484.html => content/base/test/test_xhr_forbidden_headers.html
---
 content/base/src/nsXMLHttpRequest.cpp | 8 +++++---
 content/base/test/Makefile.in | 2 +-
 ...est_bug308484.html => test_xhr_forbidden_headers.html} | 6 ++++++
 3 files changed, 12 insertions(+), 4 deletions(-)
 rename content/base/test/{test_bug308484.html => test_xhr_forbidden_headers.html} (94%)
diff --git a/content/base/src/nsXMLHttpRequest.cpp b/content/base/src/nsXMLHttpRequest.cpp
index 34ce73145f71..d007eb6f4c36 100644
--- a/content/base/src/nsXMLHttpRequest.cpp
+++ b/content/base/src/nsXMLHttpRequest.cpp
@@ -2763,9 +2763,11 @@ nsXMLHttpRequest::SetRequestHeader(const nsACString& header,
 if (!privileged) {
 // Check for dangerous headers
 const char *kInvalidHeaders[] = {
- "accept-charset", "accept-encoding", "connection", "content-length",
- "content-transfer-encoding", "date", "expect", "host", "keep-alive",
- "referer", "te", "trailer", "transfer-encoding", "upgrade", "via"
+ "accept-charset", "accept-encoding", "access-control-request-headers",
+ "access-control-request-method", "connection", "content-length",
+ "cookie", "cookie2", "content-transfer-encoding", "date", "expect",
+ "host", "keep-alive", "origin", "referer", "te", "trailer",
+ "transfer-encoding", "upgrade", "user-agent", "via"
 };
 PRUint32 i;
 for (i = 0; i < NS_ARRAY_LENGTH(kInvalidHeaders); ++i) {
diff --git a/content/base/test/Makefile.in b/content/base/test/Makefile.in
index 3ed5d9400662..146ec3391838 100644
--- a/content/base/test/Makefile.in
+++ b/content/base/test/Makefile.in
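Review bot: The `kInvalidHeaders` table, which this hunk grows to 21 entries, is still declared as a non-static `const char *kInvalidHeaders[]`, so it may be re-initialised on the stack for each unprivileged SetRequestHeader call and its pointer slots stay writable; `static const char* const kInvalidHeaders[] = {` would place it in read-only data. The new entries also break the otherwise alphabetical order (`"cookie", "cookie2"` sit before `"content-transfer-encoding"`), which looks harmless for the index loop at the end of the hunk but makes the list harder to audit against the spec. The existing `// Check for dangerous headers` comment could be extended to something like `// Forbidden request headers per the XMLHttpRequest spec; keep in sync with test_xhr_forbidden_headers.html`, so the origin of the list and its test counterpart are recorded. The function body starts and ends outside the hunk, so how a match is handled is not visible here.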
@@ -78,7 +78,7 @@ _TEST_FILES1 = test_bug5141.html \
 test_bug276037-2.xhtml \
 test_bug298064.html \
 bug298064-subframe.html \
- test_bug308484.html \
+ test_xhr_forbidden_headers.html \
 test_bug311681.xml \
 test_bug322317.html \
 test_bug330925.xhtml \
diff --git a/content/base/test/test_bug308484.html b/content/base/test/test_xhr_forbidden_headers.html
similarity index 94%
rename from content/base/test/test_bug308484.html
rename to content/base/test/test_xhr_forbidden_headers.html
index 7ef501a8bbf7..7690bdab0e04 100644
--- a/content/base/test/test_bug308484.html
+++ b/content/base/test/test_xhr_forbidden_headers.html
@@ -23,18 +23,24 @@ https://bugzilla.mozilla.org/show_bug.cgi?id=308484
 var headers = [
 "aCCept-chaRset",
 "acCePt-eNcoDing",
+ "aCcEsS-cOnTrOl-ReQuEsT-mEtHoD",
+ "aCcEsS-cOnTrOl-ReQuEsT-hEaDeRs",
 "coNnEctIon",
 "coNtEnt-LEngth",
+ "CoOKIe",
+ "cOOkiE2",
 "cOntEnt-tRAnsFer-enCoDiNg",
 "DATE",
 "exPeCt",
 "hOSt",
 "keep-alive",
+ "oRiGiN",
 "reFERer",
 "te",
 "trAiLer",
 "trANsfEr-eNcoDiNg",
 "uPGraDe",
+ "user-AGENT",
 "viA",
 "pRoxy-",
 "sEc-",
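Review bot: The renamed test still identifies itself only by the bug 308484 link shown in this hunk's context line, although the six added strings come from bug 602482 and the commit adds nothing else to the file. Adding the second bug URL next to the first, for example `https://bugzilla.mozilla.org/show_bug.cgi?id=602482`, would let a reader trace the new entries back to the spec update. A short comment above `var headers = [` such as `// Mixed case on purpose: forbidden header names must be matched case-insensitively` would also record why the entries are spelled this way. The array continues past the end of the hunk, so the assertions that consume it are not visible here.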