Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

header restrictions with XHR

Tags:

javascript

xmlhttprequest

does XMLHTTPRequest allow one to set "any" headers? Because it seems to be limiting me from setting the host header.

like image 767
Tony Stark Avatar asked Mar 09 '11 00:03

Tony Stark

1 Answers

No, as it will cause security issues. Please refer to W3C XMLHttpRequest Level 2 spec, the setRequestHeader() method should terminate if header is a case-insensitive match for one of the following headers:

  • Accept-Charset
  • Accept-Encoding
  • Access-Control-Request-Headers
  • Access-Control-Request-Method
  • Connection
  • Content-Length
  • Cookie
  • Cookie2
  • Content-Transfer-Encoding
  • Date
  • Expect
  • Host
  • Keep-Alive
  • Origin
  • Referer
  • TE
  • Trailer
  • Transfer-Encoding
  • Upgrade
  • User-Agent
  • Via

Update: Konstantinos Filios is right that latest list can be found in WHATWG XMLHttprequest spec.

like image 145
Samuel Zhang Avatar answered Oct 07 '22 00:10

Samuel Zhang
Sign in to Comment

Related questions

How can I check if my browser supports HSL colours in Javascript?
using onShow and onLoad for dijit.layout.ContentPane created programatic
Javascript comma syntax
jQuery - some beginner questions
Wildcard in jQuery selector
javascript--can't get textContent of [Object Text]?
How to Display / Hide jsf components
Trying to locate function in JavaScript files using Firebug
Can I find the cursor's pixel position in a ContentEditable?
How to run a function everytime a div changes its size?
What is the difference between these two function declarations in JavaScript? [duplicate]
Display image based on a value in asp GridView column
Javascript: Detect Carets Parent Node
throwing and catching exception from function
jQuery News Ticker - not quite smooth enough
Prevent clicking on link while page loading
javascript creating multi-dimensional array syntax [duplicate]
How do you have multiple javascript libraries in Dynamics CRM 2011
JQuery Not Working in IE8
Best practice for loading a large text file using jQuery get()

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!