Merge remote-tracking branch 'keverw/master'

Author: driverdan

README.md

@@ -1,5 +1,7 @@
 # node-XMLHttpRequest #
 
+this is a fork with support for disabling header checking. 
+
 node-XMLHttpRequest is a wrapper for the built-in http client to emulate the
 browser XMLHttpRequest object.
 

lib/XMLHttpRequest.js

@@ -30,6 +30,9 @@ exports.XMLHttpRequest = function() {
 
   // Request settings
   var settings = {};
+  
+  //headerscheck
+  var disableHeaderChecking = false;
 
   // Set some default headers
   var defaultHeaders = {
@@ -117,7 +120,14 @@ exports.XMLHttpRequest = function() {
    * @return boolean False if not allowed, otherwise true
    */
   var isAllowedHttpHeader = function(header) {
-    return (header && forbiddenRequestHeaders.indexOf(header.toLowerCase()) === -1);
+  	if (disableHeaderChecking)
+  	{
+  		return true
+  	}
+  	else
+  	{
+    	return (header && forbiddenRequestHeaders.indexOf(header.toLowerCase()) === -1);
+    }
   };
 
   /**
@@ -163,6 +173,19 @@ exports.XMLHttpRequest = function() {
 
     setState(this.OPENED);
   };
+  
+  
+  /**
+   * Disables or enables isAllowedHttpHeader() check the request. Enabled by default.
+   *
+   * @param State true or false
+   *
+   * This is a more advance feature. This does not conform to the W3C spec
+   *
+   */
+  this.disableHeaderCheck = function(state) {
+  	disableHeaderChecking = state;
+  }
 
   /**
    * Sets a header for the request.

tests/header_set.js

@@ -0,0 +1,20 @@
+var sys = require('util');
+var XMLHttpRequest = require("./lib/xmlhttprequest").XMLHttpRequest;
+
+var xhr = new XMLHttpRequest();
+
+xhr.onreadystatechange = function() {
+	sys.puts("State: " + this.readyState);
+	
+	if (this.readyState == 4) {
+		sys.puts("Complete.\nBody length: " + this.responseText.length);
+		sys.puts("Body:\n" + this.responseText);
+	}
+};
+
+xhr.open("GET", "http://localhost/ua_test.php");
+
+xhr.disableHeaderCheck(true)//Disable check
+
+xhr.setRequestHeader('User-Agent', 'Search bot'); //set forbidden header
+xhr.send();