From d2b652ee2f6de421024bf62fddd923302f95ea23 Mon Sep 17 00:00:00 2001
From: Nic Jansma <nic@nicj.net>
Date: Tue, 8 Mar 2016 10:36:11 -0800
Subject: [PATCH 1/2] .abort: Don't set headers to default

---
 lib/XMLHttpRequest.js | 4 ++--
 tests/test-headers.js | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/lib/XMLHttpRequest.js b/lib/XMLHttpRequest.js
index 4893913..a012478 100644
--- a/lib/XMLHttpRequest.js
+++ b/lib/XMLHttpRequest.js
@@ -111,7 +111,7 @@ exports.XMLHttpRequest = function() {
   this.responseXML = "";
   this.status = null;
   this.statusText = null;
-  
+
   // Whether cross-site Access-Control requests should be made using
   // credentials such as cookies or authorization headers
   this.withCredentials = false;
@@ -542,7 +542,7 @@ exports.XMLHttpRequest = function() {
       request = null;
     }
 
-    headers = defaultHeaders;
+    headers = {};
     this.status = 0;
     this.responseText = "";
     this.responseXML = "";
diff --git a/tests/test-headers.js b/tests/test-headers.js
index 23a419e..75395b5 100644
--- a/tests/test-headers.js
+++ b/tests/test-headers.js
@@ -61,7 +61,7 @@ try {
   // Invalid header
   xhr.setRequestHeader("Content-Length", 0);
   // Allowed header outside of specs
-  xhr.setRequestHeader("user-agent", "node-XMLHttpRequest-test");
+  xhr.setRequestHeader("User-Agent", "node-XMLHttpRequest-test");
   // Test getRequestHeader
   assert.equal("Foobar", xhr.getRequestHeader("X-Test"));
   assert.equal("Foobar", xhr.getRequestHeader("x-tEST"));

From 4fffb8708616384a4fe139db30ccbd5e14802361 Mon Sep 17 00:00:00 2001
From: Nic Jansma <nic@nicj.net>
Date: Tue, 21 Feb 2017 17:45:03 -0500
Subject: [PATCH 2/2] Added support for rejectUnauthorized

---
 lib/XMLHttpRequest.js | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/lib/XMLHttpRequest.js b/lib/XMLHttpRequest.js
index a012478..84ed6d9 100644
--- a/lib/XMLHttpRequest.js
+++ b/lib/XMLHttpRequest.js
@@ -115,6 +115,7 @@ exports.XMLHttpRequest = function() {
   // Whether cross-site Access-Control requests should be made using
   // credentials such as cookies or authorization headers
   this.withCredentials = false;
+  this.rejectUnauthorized = false;
 
   /**
    * Private methods
@@ -378,7 +379,8 @@ exports.XMLHttpRequest = function() {
       method: settings.method,
       headers: headers,
       agent: false,
-      withCredentials: self.withCredentials
+      withCredentials: self.withCredentials,
+      rejectUnauthorized: self.rejectUnauthorized
     };
 
     // Reset error flag
@@ -415,7 +417,8 @@ exports.XMLHttpRequest = function() {
             path: url.path,
             method: response.statusCode === 303 ? "GET" : settings.method,
             headers: headers,
-            withCredentials: self.withCredentials
+            withCredentials: self.withCredentials,
+            rejectUnauthorized: self.rejectUnauthorized
           };
 
           // Issue the new request