Remove user-agent from banned headers, change from throwing exception to console.warn for setting forbidden headers, update header tests

Author: driverdan

lib/XMLHttpRequest.js

@@ -33,13 +33,15 @@ exports.XMLHttpRequest = function() {
 
   // Set some default headers
   var defaultHeaders = {
-    "User-Agent": "node.js",
+    "User-Agent": "node-XMLHttpRequest",
     "Accept": "*/*",
   };
 
   var headers = defaultHeaders;
 
-  // These headers are not user setable
+  // These headers are not user setable.
+  // The following are allowed but banned in the spec:
+  // * user-agent
   var forbiddenRequestHeaders = [
     "accept-charset",
     "accept-encoding",
@@ -60,7 +62,6 @@ exports.XMLHttpRequest = function() {
     "trailer",
     "transfer-encoding",
     "upgrade",
-    "user-agent",
     "via"
   ];
 
@@ -174,7 +175,8 @@ exports.XMLHttpRequest = function() {
       throw "INVALID_STATE_ERR: setRequestHeader can only be called when state is OPEN";
     }
     if (!isAllowedHttpHeader(header)) {
-      throw "SYNTAX_ERR: This header is not allowed";
+      console.warn('Refused to set unsafe header "' + header + '"');
+      return;
     }
     if (sendFlag) {
       throw "INVALID_STATE_ERR: send flag is true";

tests/test-headers.js

@@ -49,7 +49,10 @@ xhr.onreadystatechange = function() {
 assert.equal(null, xhr.getResponseHeader("Content-Type"));
 try {
   xhr.open("GET", "http://localhost:8000/");
+  // Valid header
   xhr.setRequestHeader("X-Test", "Foobar");
+  // Invalid header
+  xhr.setRequestHeader("Content-Length", 0);
   // Test getRequestHeader
   assert.equal("Foobar", xhr.getRequestHeader("X-Test"));
   xhr.send();