CORS: safelist Content-Length header

See whatwg/fetch#626 for details.
web-platform-tests · May 9, 2018 · 407ecdf · 407ecdf
1 parent c327c27
commit 407ecdf
Showing 1 changed file with 1 addition and 2 deletions.
diff --git a/fetch/api/cors/cors-filtering.js b/fetch/api/cors/cors-filtering.js
@@ -52,18 +52,17 @@ corsFilter(url, "Content-Type", "text/html", false);
 corsFilter(url, "Expires","04 May 1988 22:22:22 GMT" , false);
 corsFilter(url, "Last-Modified", "04 May 1988 22:22:22 GMT", false);
 corsFilter(url, "Pragma", "no-cache", false);
+corsFilter(url, "Content-Length", "3" , false); // top.txt contains "top"
 
 corsFilter(url, "Age", "27", true);
 corsFilter(url, "Server", "wptServe" , true);
 corsFilter(url, "Warning", "Mind the gap" , true);
-corsFilter(url, "Content-Length", "3" , true); // top.txt contains "top"
 corsFilter(url, "Set-Cookie", "name=value" , true);
 corsFilter(url, "Set-Cookie2", "name=value" , true);
 
 corsExposeFilter(url, "Age", "27", false);
 corsExposeFilter(url, "Server", "wptServe" , false);
 corsExposeFilter(url, "Warning", "Mind the gap" , false);
-corsExposeFilter(url, "Content-Length", "3" , false);
 
 corsExposeFilter(url, "Set-Cookie", "name=value" , true);
 corsExposeFilter(url, "Set-Cookie2", "name=value" , true);