Exclude cookie headers from getAllResponseHeaders (tests added). Switch internal use of setRequestHeader to direct header array access to avoid exceptions.

Author: driverdan

lib/XMLHttpRequest.js

@@ -80,6 +80,7 @@ exports.XMLHttpRequest = function() {
   /**
    * Constants
    */
+
   this.UNSENT = 0;
   this.OPENED = 1;
   this.HEADERS_RECEIVED = 2;
@@ -89,6 +90,7 @@ exports.XMLHttpRequest = function() {
   /**
    * Public vars
    */
+
   // Current state
   this.readyState = this.UNSENT;
 
@@ -198,7 +200,7 @@ exports.XMLHttpRequest = function() {
   /**
    * Gets all the response headers.
    *
-   * @return string 
+   * @return string A string with all response headers separated by CR+LF
    */
   this.getAllResponseHeaders = function() {
     if (this.readyState < this.HEADERS_RECEIVED || errorFlag) {
@@ -207,7 +209,11 @@ exports.XMLHttpRequest = function() {
     var result = "";
 
     for (var i in response.headers) {
-      result += i + ": " + response.headers[i] + "\r\n";
+      var headerName = i.toLowerCase();
+      // Cookie headers are excluded
+      if (headerName !== "set-cookie" && headerName !== "set-cookie2") {
+        result += i + ": " + response.headers[i] + "\r\n";
+      }
     }
     return result.substr(0, result.length - 2);
   };
@@ -254,7 +260,7 @@ exports.XMLHttpRequest = function() {
     var uri = url.pathname + (url.search ? url.search : '');
 
     // Set the Host header or the server may reject the request
-    this.setRequestHeader("Host", host);
+    headers["Host"] = host;
 
     // Set Basic Auth if necessary
     if (settings.user) {
@@ -269,10 +275,10 @@ exports.XMLHttpRequest = function() {
     if (settings.method == "GET" || settings.method == "HEAD") {
       data = null;
     } else if (data) {
-      this.setRequestHeader("Content-Length", Buffer.byteLength(data));
+      headers["Content-Length"] = Buffer.byteLength(data);
 
       if (!headers["Content-Type"]) {
-        this.setRequestHeader("Content-Type", "text/plain;charset=UTF-8");
+        headers["Content-Type"] = "text/plain;charset=UTF-8";
       }
     }
 

tests/test-headers.js

@@ -13,6 +13,10 @@ var server = http.createServer(function (req, res) {
   res.writeHead(200, {
     "Content-Type": "text/plain",
     "Content-Length": Buffer.byteLength(body),
+    // Set cookie headers to see if they're correctly suppressed
+    // Actual values don't matter
+    "Set-Cookie": "foo=bar",
+    "Set-Cookie2": "bar=baz",
     "Connection": "close"
   });
   res.write("Hello World");
@@ -43,6 +47,10 @@ xhr.onreadystatechange = function() {
 };
 
 assert.equal(null, xhr.getResponseHeader("Content-Type"));
-xhr.open("GET", "http://localhost:8000/");
-xhr.setRequestHeader("X-Test", "Foobar");
-xhr.send();
+try {
+  xhr.open("GET", "http://localhost:8000/");
+  xhr.setRequestHeader("X-Test", "Foobar");
+  xhr.send();
+} catch(e) {
+  console.log("ERROR: Exception raised", e);
+}