Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How do delete a HTTP response header?

I have a situation where one of the response headers Content-Disposition has to be removed. So I thought of writing a servlet filter to do this. But I realized that the HttpServletResponse has only a setHeader() method but no method to remove it. How can I do this?

like image 680
Daniel Avatar asked Oct 25 '11 20:10

Daniel


People also ask

How do I change HTTP response headers?

Select the web site where you want to add the custom HTTP response header. In the web site pane, double-click HTTP Response Headers in the IIS section. In the actions pane, select Add. In the Name box, type the custom HTTP header name.

What is HTTP response header?

An HTTP response header is a component of a network packet that is sent by a Web server to a Web browser or client machine in response to an HTTP request. It is used in Web communications to deliver webpage and other Web-based data from the server to the requesting end-user browsers.

What is the name of the process that removes the headers?

The RemoveHeadersAndFooters method works with the document you specify, deleting all of the header and footer parts and references to those parts. The code starts by opening the document, using the Open method and indicating that the document should be opened for read/write access (the final true parameter).


2 Answers

You can't delete headers afterwards by the standard Servlet API. Your best bet is to just prevent the header from being set. You can do this by creating a Filter which replaces the ServletResponse with a custom HttpServletResponseWrapper implementation which skips the setHeader()'s job whenever the header name is Content-Disposition.

Basically:

@Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {     chain.doFilter(request, new HttpServletResponseWrapper((HttpServletResponse) response) {         public void setHeader(String name, String value) {             if (!name.equalsIgnoreCase("Content-Disposition")) {                 super.setHeader(name, value);             }         }     }); } 

Just map that filter on the URL-pattern of interest to get it to run.

like image 55
BalusC Avatar answered Sep 16 '22 12:09

BalusC


This may not be Servlet API compliant, but setting the value to null works on GlassFish 4 and probably on Tomcat too as that is what is underneath GlassFish.

We really need to update the Servlet API specification to either add a method to allow removing headers or to officially support using setHeader with a null value.

An example where this is important is if you use a security constraint (SSL/TLS) on your web application then static resource caching is complicated by the fact that the container will automatically add headers to prevent caching (you can try to disable with disableProxyCaching and securePagesWithPragma on Tomcat/GlassFish). I've already got a servlet filter for cache control that works great for non-secure content so I would like to keep cache control all in one place and simply set Prama and Cache-Control to null to clear any container added headers.

like image 27
Ryan Avatar answered Sep 17 '22 12:09

Ryan