diff --git a/lib/XMLHttpRequest.js b/lib/XMLHttpRequest.js index bada957..cb9df83 100644 --- a/lib/XMLHttpRequest.js +++ b/lib/XMLHttpRequest.js @@ -14,16 +14,71 @@ var Url = require("url"); var spawn = require("child_process").spawn; var fs = require("fs"); +var http = require("http"); +var https = require("https"); + +// Set some default headers +var defaultHeaders = { + "User-Agent": "node-XMLHttpRequest", + "Accept": "*/*" +}; + +// These headers are not user setable. +// The following are allowed but banned in the spec: +// * user-agent +var forbiddenRequestHeaders = [ + "accept-charset", + "accept-encoding", + "access-control-request-headers", + "access-control-request-method", + "connection", + "content-length", + "content-transfer-encoding", + "cookie", + "cookie2", + "date", + "expect", + "host", + "keep-alive", + "origin", + "referer", + "te", + "trailer", + "transfer-encoding", + "upgrade", + "via" +]; + +// These request methods are not allowed +var forbiddenRequestMethods = [ + "TRACE", + "TRACK", + "CONNECT" +]; + +/** + * Check if the specified header is allowed. + * + * @param string header Header to validate + * @return boolean False if not allowed, otherwise true + */ +var isAllowedHttpHeader = function(header) { + return disableHeaderCheck || (header && forbiddenRequestHeaders.indexOf(header.toLowerCase()) === -1); +}; + +/** + * Check if the specified method is allowed. + * + * @param string method Request method to validate + * @return boolean False if not allowed, otherwise true + */ +var isAllowedHttpMethod = function(method) { + return (method && forbiddenRequestMethods.indexOf(method) === -1); +}; exports.XMLHttpRequest = function() { "use strict"; - - /** - * Private variables - */ var self = this; - var http = require("http"); - var https = require("https"); // Holds http.js objects var request; @@ -36,48 +91,9 @@ exports.XMLHttpRequest = function() { // Not part of XHR specs. var disableHeaderCheck = false; - // Set some default headers - var defaultHeaders = { - "User-Agent": "node-XMLHttpRequest", - "Accept": "*/*", - }; - var headers = {}; var headersCase = {}; - // These headers are not user setable. - // The following are allowed but banned in the spec: - // * user-agent - var forbiddenRequestHeaders = [ - "accept-charset", - "accept-encoding", - "access-control-request-headers", - "access-control-request-method", - "connection", - "content-length", - "content-transfer-encoding", - "cookie", - "cookie2", - "date", - "expect", - "host", - "keep-alive", - "origin", - "referer", - "te", - "trailer", - "transfer-encoding", - "upgrade", - "via" - ]; - - // These request methods are not allowed - var forbiddenRequestMethods = [ - "TRACE", - "TRACK", - "CONNECT" - ]; - // Send flag var sendFlag = false; // Error flag, used when errors occur or abort is called @@ -116,30 +132,6 @@ exports.XMLHttpRequest = function() { // credentials such as cookies or authorization headers this.withCredentials = false; - /** - * Private methods - */ - - /** - * Check if the specified header is allowed. - * - * @param string header Header to validate - * @return boolean False if not allowed, otherwise true - */ - var isAllowedHttpHeader = function(header) { - return disableHeaderCheck || (header && forbiddenRequestHeaders.indexOf(header.toLowerCase()) === -1); - }; - - /** - * Check if the specified method is allowed. - * - * @param string method Request method to validate - * @return boolean False if not allowed, otherwise true - */ - var isAllowedHttpMethod = function(method) { - return (method && forbiddenRequestMethods.indexOf(method) === -1); - }; - /** * Public methods */ @@ -400,7 +392,7 @@ exports.XMLHttpRequest = function() { self.dispatchEvent("readystatechange"); // Handler for the response - var responseHandler = function responseHandler(resp) { + function responseHandler(resp) { // Set response var to the response we got back // This is so it remains accessable outside this scope response = resp;