fix(firefox): filter host header from overrides (microsoft#36932)

yury-s · web-flow · commit 0385672ba6cc · 2025-08-05T14:34:33.000-07:00
diff --git a/packages/playwright-core/src/server/network.ts b/packages/playwright-core/src/server/network.ts
@@ -349,8 +349,12 @@ export class Route extends SdkObject {
       if (oldUrl.protocol !== newUrl.protocol)
         throw new Error('New URL must have same protocol as overridden URL');
     }
-    if (overrides.headers)
-      overrides.headers = overrides.headers?.filter(header => header.name.toLowerCase() !== 'cookie');
+    if (overrides.headers) {
+      overrides.headers = overrides.headers?.filter(header => {
+        const headerName = header.name.toLowerCase();
+        return headerName !== 'cookie' && headerName !== 'host';
+      });
+    }
     overrides = this._request._applyOverrides(overrides);
 
     const nextHandler = this._futureHandlers.shift();
diff --git a/tests/page/page-request-continue.spec.ts b/tests/page/page-request-continue.spec.ts
@@ -51,7 +51,8 @@ it('should not allow to override unsafe HTTP headers', async ({ page, server, br
   const error = await route.continue({
     headers: {
       ...route.request().headers(),
-      host: 'bar'
+      host: 'bar',
+      trailer: 'baz',
     }
   }).catch(e => e);
   if (isElectron) {
@@ -67,7 +68,8 @@ it('should not allow to override unsafe HTTP headers', async ({ page, server, br
     // These lines just document current behavior in FF and WK,
     // we don't necessarily want to maintain this behavior.
     const serverRequest = await serverRequestPromise;
-    expect(serverRequest.headers['host']).toBe('bar');
+    expect(serverRequest.headers['trailer']).toBe('baz');
+    expect(serverRequest.headers['host']).toBe(new URL(server.EMPTY_PAGE).host);
   }
 });
 
@@ -902,29 +904,33 @@ it('should not forward Host header on cross-origin redirect', {
     description: 'https://github.com/microsoft/playwright/issues/36719'
   }
 }, async ({ page, server, browserName }) => {
-  it.fixme(browserName === 'firefox', 'https://github.com/microsoft/playwright/issues/36719');
-
   const redirectTargetPath = '/final';
   const redirectSourcePath = '/redirect';
 
-  let receivedHostHeader: string | undefined;
+  let redirectedHost: string | undefined;
   server.setRoute(redirectTargetPath, (req, res) => {
-    receivedHostHeader = req.headers['host'];
+    redirectedHost = req.headers['host'];
     res.end('OK');
   });
 
+  let firstHost: string | undefined;
   server.setRoute(redirectSourcePath, (req, res) => {
+    firstHost = req.headers['host'];
     res.writeHead(302, { ___location: `${server.CROSS_PROCESS_PREFIX}${redirectTargetPath}` });
     res.end();
   });
 
   await page.route('**/*', async route => {
     const headers = route.request().headers();
-    expect(headers).not.toHaveProperty('host');
+    if (browserName === 'firefox')
+      expect(headers).toHaveProperty('host');
+    else
+      expect(headers).not.toHaveProperty('host');
     await route.continue({ headers });
   });
 
   const response = await page.goto(server.PREFIX + redirectSourcePath);
   expect(response.status()).toBe(200);
-  expect(receivedHostHeader).toBe(new URL(server.CROSS_PROCESS_PREFIX).host);
+  expect(firstHost).toBe(new URL(server.PREFIX).host);
+  expect(redirectedHost).toBe(new URL(server.CROSS_PROCESS_PREFIX).host);
 });
