Test that setRequestHeader cannot be used to alter security-sensitive headers for file:// urls.

FAIL: script didn't run or raised an unexpected exception.