
Header Origin vs Host

I have a question about the working of the Origin and Host HTTP headers.

I have an Ajax page "Page A" which will call the Ajax feed "Page B".

I saw that the request header of "Page B" from the Ajax call contains the headers:

Origin: http://example.com
Host: example.com

However, if I call the "Page B" directly, the request header will only contain the Host header:

Host: example.com 

Thus, I want to know what the difference is between the Origin and Host headers, and why they show up on non-direct calls.

Can Origin be prepended and passed to the server?

user192344 asked Dec 13 '12 02:12



1 Answer

The Host is the domain the request is being sent to. This header was introduced so hosting sites could include multiple domains on a single IP.

The Origin header is the domain the request originates from.

The Host header is always included. The Origin header is included sometimes: It is always included on cross-origin requests (across all browsers), and in Chrome/Safari, it is also included on same-origin PUT/POST/DELETE requests. Same-origin GET requests do not include an Origin header.

monsur answered Sep 28 '22 03:09
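
A server-side view of the two headers, as an added example that is not part of the original question or answer: it compares Origin against Host to classify a request, and treats a missing Origin (a direct call or same-origin GET, as the answer describes) as unknown rather than as same-origin. The function names, the servedScheme parameter and the policy in decide() are assumptions made for illustration.

```javascript
// Added example (not from the original post). Header keys are lower-cased,
// as Node's http module delivers them.
const UNSAFE_METHODS = new Set(["POST", "PUT", "PATCH", "DELETE"]);

// Host carries no scheme, so the caller supplies the one the server is
// actually serving (assumption: "http:" or "https:").
function classifyOrigin(headers, servedScheme) {
  const host = headers["host"];
  if (!host) return "bad-host";                 // HTTP/1.1 requires Host
  let target;
  try {
    target = new URL(`${servedScheme}//${host}`);
  } catch {
    return "bad-host";
  }
  // A Host value is only host[:port]; anything more is malformed.
  if (target.pathname !== "/" || target.username || target.search) return "bad-host";

  const origin = headers["origin"];
  if (origin === undefined) return "absent";    // direct call or same-origin GET
  if (origin === "null") return "cross-origin"; // opaque origin, never a match
  let source;
  try {
    source = new URL(origin);
  } catch {
    return "cross-origin";                      // unparseable: do not trust it
  }
  // URL.origin lower-cases the host and drops default ports (80/443),
  // so "http://EXAMPLE.com" matches a Host of "example.com:80".
  return source.origin === target.origin ? "same-origin" : "cross-origin";
}

// Hypothetical policy: reads are served; state-changing methods need a
// matching Origin. An absent Origin proves nothing either way, so it is
// handed to another control (for example a CSRF token) instead of allowed.
function decide(method, headers, servedScheme) {
  const verdict = classifyOrigin(headers, servedScheme);
  if (verdict === "bad-host") return "deny";
  if (!UNSAFE_METHODS.has(method.toUpperCase())) return "allow";
  if (verdict === "same-origin") return "allow";
  if (verdict === "cross-origin") return "deny";
  return "needs-token";
}
```

Page script cannot override the Origin header a browser sends, but a non-browser client can send any value it likes, so this comparison protects browser users from cross-site requests and does not authenticate the caller.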