Better integration of disabling header blacklist, use setDisableHeaderCheck

Author: driverdan

README.md

@@ -1,7 +1,5 @@
 # node-XMLHttpRequest #
 
-this is a fork with support for disabling header checking. 
-
 node-XMLHttpRequest is a wrapper for the built-in http client to emulate the
 browser XMLHttpRequest object.
 

lib/XMLHttpRequest.js

@@ -31,8 +31,9 @@ exports.XMLHttpRequest = function() {
   // Request settings
   var settings = {};
 
-  //headerscheck
-  var disableHeaderChecking = false;
+  // Disable header blacklist.
+  // Not part of XHR specs.
+  var disableHeaderCheck = false;
 
   // Set some default headers
   var defaultHeaders = {
@@ -120,14 +121,7 @@ exports.XMLHttpRequest = function() {
    * @return boolean False if not allowed, otherwise true
    */
   var isAllowedHttpHeader = function(header) {
-  	if (disableHeaderChecking)
-  	{
-  		return true
-  	}
-  	else
-  	{
-    	return (header && forbiddenRequestHeaders.indexOf(header.toLowerCase()) === -1);
-    }
+    return disableHeaderCheck || (header && forbiddenRequestHeaders.indexOf(header.toLowerCase()) === -1);
   };
 
   /**
@@ -173,18 +167,15 @@ exports.XMLHttpRequest = function() {
 
     setState(this.OPENED);
   };
-  
-  
+
   /**
    * Disables or enables isAllowedHttpHeader() check the request. Enabled by default.
+   * This does not conform to the W3C spec.
    *
-   * @param State true or false
-   *
-   * This is a more advance feature. This does not conform to the W3C spec
-   *
+   * @param boolean state Enable or disable header checking.
    */
-  this.disableHeaderCheck = function(state) {
-  	disableHeaderChecking = state;
+  this.setDisableHeaderCheck = function(state) {
+    disableHeaderCheck = state;
   }
 
   /**

tests/header_set.js

@@ -8,6 +8,10 @@ var sys = require("util")
 var server = http.createServer(function (req, res) {
   // Test setRequestHeader
   assert.equal("Foobar", req.headers["x-test"]);
+  // Test non-conforming allowed header
+  assert.equal("node-XMLHttpRequest-test", req.headers["user-agent"]);
+  // Test header set with blacklist disabled
+  assert.equal("http://github.com", req.headers["referer"]);
 
   var body = "Hello World";
   res.writeHead(200, {
@@ -17,6 +21,7 @@ var server = http.createServer(function (req, res) {
     // Actual values don't matter
     "Set-Cookie": "foo=bar",
     "Set-Cookie2": "bar=baz",
+    "Date": "Thu, 30 Aug 2012 18:17:53 GMT",
     "Connection": "close"
   });
   res.write("Hello World");
@@ -28,7 +33,7 @@ var server = http.createServer(function (req, res) {
 xhr.onreadystatechange = function() {
   if (this.readyState == 4) {
     // Test getAllResponseHeaders()
-    var headers = "content-type: text/plain\r\ncontent-length: 11\r\nconnection: close";
+    var headers = "content-type: text/plain\r\ncontent-length: 11\r\ndate: Thu, 30 Aug 2012 18:17:53 GMT\r\nconnection: close";
     assert.equal(headers, this.getAllResponseHeaders());
 
     // Test case insensitivity
@@ -53,8 +58,18 @@ try {
   xhr.setRequestHeader("X-Test", "Foobar");
   // Invalid header
   xhr.setRequestHeader("Content-Length", 0);
+  // Allowed header outside of specs
+  xhr.setRequestHeader("user-agent", "node-XMLHttpRequest-test");
   // Test getRequestHeader
   assert.equal("Foobar", xhr.getRequestHeader("X-Test"));
+  // Test invalid header
+  assert.equal("", xhr.getRequestHeader("Content-Length"));
+
+  // Test allowing all headers
+  xhr.setDisableHeaderCheck(true);
+  xhr.setRequestHeader("Referer", "http://github.com");
+  assert.equal("http://github.com", xhr.getRequestHeader("Referer"));
+
   xhr.send();
 } catch(e) {
   console.log("ERROR: Exception raised", e);