diff options
| author | Moonchild <mcwerewolf@gmail.com> | 2018-09-27 00:59:51 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2018-09-27 00:59:51 +0200 |
| commit | b92dbaf6a1da5e06e9c0eb818288c0db1b6e45e2 (patch) | |
| tree | 61462bdb3c34813d3cbd32c87628854a48392cea /devtools/client/shared | |
| parent | 63875408947b0e5551f41e4de1e0ca44dd970c36 (diff) | |
| parent | c5c9445e3adf6b65c98f6810551d7c3d64133134 (diff) | |
| download | UXP-b92dbaf6a1da5e06e9c0eb818288c0db1b6e45e2.tar UXP-b92dbaf6a1da5e06e9c0eb818288c0db1b6e45e2.tar.gz UXP-b92dbaf6a1da5e06e9c0eb818288c0db1b6e45e2.tar.lz UXP-b92dbaf6a1da5e06e9c0eb818288c0db1b6e45e2.tar.xz UXP-b92dbaf6a1da5e06e9c0eb818288c0db1b6e45e2.zip | |
Merge pull request #791 from g4jc/session_supercookie
Issue #792 - backport mozbug 1334776 - CVE-2017-7797 Header name interning leaks across origins
Diffstat (limited to 'devtools/client/shared')
| -rw-r--r-- | devtools/client/shared/AppCacheUtils.jsm | 8 | ||||
| -rw-r--r-- | devtools/client/shared/curl.js | 8 |
2 files changed, 8 insertions, 8 deletions
diff --git a/devtools/client/shared/AppCacheUtils.jsm b/devtools/client/shared/AppCacheUtils.jsm index a2beca993..9fd4d0541 100644 --- a/devtools/client/shared/AppCacheUtils.jsm +++ b/devtools/client/shared/AppCacheUtils.jsm @@ -86,7 +86,7 @@ AppCacheUtils.prototype = { _parseManifest: function ACU__parseManifest(uriInfo) { let deferred = defer(); let manifestName = uriInfo.name; - let manifestLastModified = new Date(uriInfo.responseHeaders["Last-Modified"]); + let manifestLastModified = new Date(uriInfo.responseHeaders["last-modified"]); if (uriInfo.charset.toLowerCase() != "utf-8") { this._addError(0, "notUTF8", uriInfo.charset); @@ -158,7 +158,7 @@ AppCacheUtils.prototype = { // Check that the resource was not modified after the manifest was last // modified. If it was then the manifest file should be refreshed. let resourceLastModified = - new Date(uriInfo.responseHeaders["Last-Modified"]); + new Date(uriInfo.responseHeaders["last-modified"]); if (manifestLastModified < resourceLastModified) { this._addError(parsedUri.line, "fileChangedButNotManifest", @@ -230,12 +230,12 @@ AppCacheUtils.prototype = { result.requestHeaders = {}; request.visitRequestHeaders(function (header, value) { - result.requestHeaders[header] = value; + result.responseHeaders[header.toLowerCase()] = value; }); result.responseHeaders = {}; request.visitResponseHeaders(function (header, value) { - result.responseHeaders[header] = value; + result.responseHeaders[header.toLowerCase()] = value; }); deferred.resolve(result); diff --git a/devtools/client/shared/curl.js b/devtools/client/shared/curl.js index 420fe6aa5..6d33ad971 100644 --- a/devtools/client/shared/curl.js +++ b/devtools/client/shared/curl.js @@ -81,14 +81,14 @@ const Curl = { postDataText = data.postDataText; postData.push("--data"); postData.push(escapeString(utils.writePostDataTextParams(postDataText))); - ignoredHeaders.add("Content-Length"); + ignoredHeaders.add("content-length"); } else if (multipartRequest) { postDataText = data.postDataText; postData.push("--data-binary"); let boundary = utils.getMultipartBoundary(data); let text = utils.removeBinaryDataFromMultipartText(postDataText, boundary); postData.push(escapeString(text)); - ignoredHeaders.add("Content-Length"); + ignoredHeaders.add("content-length"); } // Add method. @@ -125,11 +125,11 @@ const Curl = { } for (let i = 0; i < headers.length; i++) { let header = headers[i]; - if (header.name === "Accept-Encoding") { + if (header.name.toLowerCase() === "accept-encoding") { command.push("--compressed"); continue; } - if (ignoredHeaders.has(header.name)) { + if (ignoredHeaders.has(header.name.toLowerCase())) { continue; } command.push("-H"); |