Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Changed XMLHttpRequest #172

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Changed XMLHttpRequest #172

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
132 changes: 62 additions & 70 deletions lib/XMLHttpRequest.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,16 +14,71 @@
var Url = require("url");
var spawn = require("child_process").spawn;
var fs = require("fs");
var http = require("http");
var https = require("https");

// Set some default headers
var defaultHeaders = {
"User-Agent": "node-XMLHttpRequest",
"Accept": "*/*"
};

// These headers are not user setable.
// The following are allowed but banned in the spec:
// * user-agent
var forbiddenRequestHeaders = [
"accept-charset",
"accept-encoding",
"access-control-request-headers",
"access-control-request-method",
"connection",
"content-length",
"content-transfer-encoding",
"cookie",
"cookie2",
"date",
"expect",
"host",
"keep-alive",
"origin",
"referer",
"te",
"trailer",
"transfer-encoding",
"upgrade",
"via"
];

// These request methods are not allowed
var forbiddenRequestMethods = [
"TRACE",
"TRACK",
"CONNECT"
];

/**
* Check if the specified header is allowed.
*
* @param string header Header to validate
* @return boolean False if not allowed, otherwise true
*/
var isAllowedHttpHeader = function(header) {
return disableHeaderCheck || (header && forbiddenRequestHeaders.indexOf(header.toLowerCase()) === -1);
};

/**
* Check if the specified method is allowed.
*
* @param string method Request method to validate
* @return boolean False if not allowed, otherwise true
*/
var isAllowedHttpMethod = function(method) {
return (method && forbiddenRequestMethods.indexOf(method) === -1);
};

exports.XMLHttpRequest = function() {
"use strict";

/**
* Private variables
*/
var self = this;
var http = require("http");
var https = require("https");

// Holds http.js objects
var request;
Expand All @@ -36,48 +91,9 @@ exports.XMLHttpRequest = function() {
// Not part of XHR specs.
var disableHeaderCheck = false;

// Set some default headers
var defaultHeaders = {
"User-Agent": "node-XMLHttpRequest",
"Accept": "*/*",
};

var headers = {};
var headersCase = {};

// These headers are not user setable.
// The following are allowed but banned in the spec:
// * user-agent
var forbiddenRequestHeaders = [
"accept-charset",
"accept-encoding",
"access-control-request-headers",
"access-control-request-method",
"connection",
"content-length",
"content-transfer-encoding",
"cookie",
"cookie2",
"date",
"expect",
"host",
"keep-alive",
"origin",
"referer",
"te",
"trailer",
"transfer-encoding",
"upgrade",
"via"
];

// These request methods are not allowed
var forbiddenRequestMethods = [
"TRACE",
"TRACK",
"CONNECT"
];

// Send flag
var sendFlag = false;
// Error flag, used when errors occur or abort is called
Expand Down Expand Up @@ -116,30 +132,6 @@ exports.XMLHttpRequest = function() {
// credentials such as cookies or authorization headers
this.withCredentials = false;

/**
* Private methods
*/

/**
* Check if the specified header is allowed.
*
* @param string header Header to validate
* @return boolean False if not allowed, otherwise true
*/
var isAllowedHttpHeader = function(header) {
return disableHeaderCheck || (header && forbiddenRequestHeaders.indexOf(header.toLowerCase()) === -1);
};

/**
* Check if the specified method is allowed.
*
* @param string method Request method to validate
* @return boolean False if not allowed, otherwise true
*/
var isAllowedHttpMethod = function(method) {
return (method && forbiddenRequestMethods.indexOf(method) === -1);
};

/**
* Public methods
*/
Expand Down Expand Up @@ -400,7 +392,7 @@ exports.XMLHttpRequest = function() {
self.dispatchEvent("readystatechange");

// Handler for the response
var responseHandler = function responseHandler(resp) {
function responseHandler(resp) {
// Set response var to the response we got back
// This is so it remains accessable outside this scope
response = resp;
Expand Down