From 684c09929c4de574ec2c8f7d5c8cd6e0d0719c93 Mon Sep 17 00:00:00 2001 From: Mike Solomon Date: Thu, 2 Jul 2020 06:50:56 +0300 Subject: [PATCH] Allow user to provide unsafe headers This will allow the library to be used for a wider arrange of projects. For example, for a QA-project, I can't test certain headers due to this restriction. --- src/001-xml_http_request.coffee | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/001-xml_http_request.coffee b/src/001-xml_http_request.coffee index 3e448b4..7449863 100644 --- a/src/001-xml_http_request.coffee +++ b/src/001-xml_http_request.coffee @@ -142,13 +142,13 @@ class XMLHttpRequest extends XMLHttpRequestEventTarget # @throw {SyntaxError} name is not a valid HTTP header name or value is not # a valid HTTP header value # @see http://www.w3.org/TR/XMLHttpRequest/#the-setrequestheader()-method - setRequestHeader: (name, value) -> + setRequestHeader: (name, value, allowUnsafeHeaders = false) -> unless @readyState is XMLHttpRequest.OPENED throw new InvalidStateError "XHR readyState must be OPENED" loweredName = name.toLowerCase() - if @_restrictedHeaders[loweredName] or /^sec\-/.test(loweredName) or - /^proxy-/.test(loweredName) + if (!allowUnsafeHeaders and (@_restrictedHeaders[loweredName] or /^sec\-/.test(loweredName) or + /^proxy-/.test(loweredName))) console.warn "Refused to set unsafe header \"#{name}\"" return undefined