From 3123a0c72ccd4c354c5e286fc86423a4c10a7cfc Mon Sep 17 00:00:00 2001
From: Yoshisato Yanagisawa <yyanagisawa@chromium.org>
Date: Tue, 16 Jun 2026 04:46:27 +0000
Subject: [PATCH] NavigationPreloadManager.setHeaderValue should reject invalid
 header values

This update adds validation for the header value in
NavigationPreloadManager.setHeaderValue() to match the Fetch
specification's "header value" definition. It now:
1. Normalizes the input value (stripping HTTP whitespace).
2. Rejects the promise with a TypeError if the value contains
   invalid bytes (including \r, \n, or \0).

Fixes #1000
---
 index.bs | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/index.bs b/index.bs
index 9e42d718..4c95f591 100644
--- a/index.bs
+++ b/index.bs
@@ -1004,6 +1004,8 @@ spec: storage; urlPrefix: https://storage.spec.whatwg.org/
 
       The <dfn method for="NavigationPreloadManager"><code>setHeaderValue(|value|)</code></dfn> method steps are:
 
+        1. Let |value| be the result of [=header value/normalizing=] |value|.
+        1. If |value| is not a [=header value=], return [=a promise rejected with=] a {{TypeError}}.
         1. Let |promise| be [=a new promise=].
         1. Run the following steps [=in parallel=]:
             1. Let |registration| be [=this=]'s associated [=/service worker registration=].