Source code
Revision control
Copy as Markdown
Other Tools
Test Info:
- This WPT test may be referenced by the following Test IDs:
- /fetch/api/headers/headers-forbidden-override.any.html - WPT Dashboard Interop Dashboard
- /fetch/api/headers/headers-forbidden-override.any.serviceworker.html - WPT Dashboard Interop Dashboard
- /fetch/api/headers/headers-forbidden-override.any.sharedworker.html - WPT Dashboard Interop Dashboard
- /fetch/api/headers/headers-forbidden-override.any.worker.html - WPT Dashboard Interop Dashboard
// META: global=window,worker
let forbiddenMethods = [
"TRACE",
"TRACK",
"CONNECT",
"trace",
"track",
"connect",
"\rtrace",
"\ttrack",
"\nconnect",
"trace,",
"GET,track ",
" connect",
];
let overrideHeaders = [
"x-http-method-override",
"x-http-method",
"x-method-override",
"X-HTTP-METHOD-OVERRIDE",
"X-HTTP-METHOD",
"X-METHOD-OVERRIDE",
];
for (forbiddenMethod of forbiddenMethods) {
for (overrideHeader of overrideHeaders) {
test(() => {
r.headers.append(overrideHeader, forbiddenMethod);
assert_false(r.headers.has(overrideHeader));
}, `header ${overrideHeader} is forbidden to use value ${forbiddenMethod}`);
}
}
let permittedValues = [
"GETTRACE",
"GET",
"\",TRACE\",",
];
for (permittedValue of permittedValues) {
for (overrideHeader of overrideHeaders) {
test(() => {
r.headers.append(overrideHeader, permittedValue);
assert_equals(permittedValue, r.headers.get(overrideHeader));
}, `header ${overrideHeader} is allowed to use value ${permittedValue}`);
}
}