Add content-length as a CORS-safelisted response header.
Reference: https://fetch.spec.whatwg.org/#cors-safelisted-response-header
Differential Revision: https://phabricator.services.mozilla.com/D58492
bugzilla-url: https://bugzilla.mozilla.org/show_bug.cgi?id=1460299
gecko-commit: 4615f67be1a8bf6a6ace66b73ed7cc233f6193e7
gecko-reviewers: valentin, baku
diff --git a/cors/resources/cors-headers.asis b/cors/resources/cors-headers.asis
index ce21245..2e92da2 100644
--- a/cors/resources/cors-headers.asis
+++ b/cors/resources/cors-headers.asis
@@ -4,6 +4,7 @@
Access-Control-Expose-Headers: X-Second-Expose
Access-Control-Expose-Headers: Date
Content-Type: text/plain
+Content-Length: 4
X-Custom-Header: test
X-Custom-Header: test
Set-Cookie: test1=t1;max-age=2
diff --git a/cors/response-headers.htm b/cors/response-headers.htm
index d4d7cf2..cc06a23 100644
--- a/cors/response-headers.htm
+++ b/cors/response-headers.htm
@@ -44,6 +44,8 @@
default_readable("Expires", "Thu, 01 Dec 1994 16:00:00 GMT");
default_readable("Last-Modified", "Thu, 01 Dec 1994 10:00:00 GMT");
default_readable("Pragma", "no-cache");
+default_readable("Content-Length", "4");
+default_readable("Content-Type", "text/plain");
function default_unreadable(head) {
diff --git a/xhr/access-control-basic-cors-safelisted-response-headers.htm b/xhr/access-control-basic-cors-safelisted-response-headers.htm
index be9a10e..fb58957 100644
--- a/xhr/access-control-basic-cors-safelisted-response-headers.htm
+++ b/xhr/access-control-basic-cors-safelisted-response-headers.htm
@@ -18,6 +18,7 @@
assert_not_equals(xhr.getResponseHeader("cache-control"), null);
assert_not_equals(xhr.getResponseHeader("content-language"), null);
assert_not_equals(xhr.getResponseHeader("content-type"), null);
+ assert_not_equals(xhr.getResponseHeader("content-length"), null);
assert_not_equals(xhr.getResponseHeader("expires"), null);
assert_not_equals(xhr.getResponseHeader("last-modified"), null);
assert_not_equals(xhr.getResponseHeader("pragma"), null);
