header restrictions with XHR

does XMLHTTPRequest allow one to set "any" headers? Because it seems to be limiting me from setting the host header.

No, as it will cause security issues. Please refer to W3C XMLHttpRequest Level 2 spec, the setRequestHeader() method should terminate if header is a case-insensitive match for one of the following headers:

Accept-Charset
Accept-Encoding
Access-Control-Request-Headers
Access-Control-Request-Method
Connection
Content-Length
Cookie
Cookie2
Content-Transfer-Encoding
Date
Expect
Host
Keep-Alive
Origin
Referer
TE
Trailer
Transfer-Encoding
Upgrade
User-Agent
Via

Update: Konstantinos Filios is right that latest list can be found in WHATWG XMLHttprequest spec.

Related questions

How can I check if my browser supports HSL colours in Javascript?

using onShow and onLoad for dijit.layout.ContentPane created programatic

Javascript comma syntax

jQuery - some beginner questions

Wildcard in jQuery selector

javascript--can't get textContent of [Object Text]?

How to Display / Hide jsf components

Trying to locate function in JavaScript files using Firebug

Can I find the cursor's pixel position in a ContentEditable?

How to run a function everytime a div changes its size?

What is the difference between these two function declarations in JavaScript? [duplicate]

Display image based on a value in asp GridView column

Javascript: Detect Carets Parent Node

throwing and catching exception from function

jQuery News Ticker - not quite smooth enough

Prevent clicking on link while page loading

javascript creating multi-dimensional array syntax [duplicate]

How do you have multiple javascript libraries in Dynamics CRM 2011

JQuery Not Working in IE8

Best practice for loading a large text file using jQuery get()

header restrictions with XHR

Tags:

javascript

xmlhttprequest

Tony Stark

1 Answers

Samuel Zhang

Recent Activity

Donate For Us