Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

AJAX post error : Refused to set unsafe header "Connection"

I have the following custom ajax function that posts data back to a PHP file. Everytime the post of data happens I get the following two errors :

Refused to set unsafe header "Content-length"
Refused to set unsafe header "Connection"

Code :

function passposturl(url1, params, obj) {     //url1 = url1+"&sid="+Math.random();     xmlHttp = get_xmlhttp_obj();     xmlHttp.loadflag = obj;     xmlHttp.open("POST", url1, true);     //alert(url1);     //alert(params);     //alert(obj);     //alert(params.length);     xmlHttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");     xmlHttp.setRequestHeader("Content-length", params.length);     xmlHttp.setRequestHeader("Connection", "close");     xmlHttp.onreadystatechange = function ()     {         stateChanged(xmlHttp);     };     xmlHttp.send(params);  } 

What am I doing wrong?

like image 732
sniper Avatar asked Aug 26 '11 20:08

sniper


1 Answers

Remove these two lines:

xmlHttp.setRequestHeader("Content-length", params.length); xmlHttp.setRequestHeader("Connection", "close"); 

XMLHttpRequest isn't allowed to set these headers, they are being set automatically by the browser. The reason is that by manipulating these headers you might be able to trick the server into accepting a second request through the same connection, one that wouldn't go through the usual security checks - that would be a security vulnerability in the browser.

like image 198
Wladimir Palant Avatar answered Oct 15 '22 16:10

Wladimir Palant