Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

WebKit "Refused to set unsafe header 'content-length'"

Tags:

javascript

ajax

xmlhttprequest

it is also ignoring my setRequestHeader calls and generating its own

Yes, the standard says it must:

For security reasons, these steps should be terminated if header is [...]

  • Connection
  • Content-Length

Messing around with those could expose various request smuggling attacks, so the browser always uses its own values. There's no need or reason to try to set the request length, as the browser can do that accurately from the length of data you pass to send().

Related questions

Which browsers support document.activeElement?
How do I undo a Object.defineProperty call?
What is the difference between `mixed` and `any`?
JavaScript in <head> or just before </body>?
How do I implement secure OAuth2 consumption in Javascript?
Conversion from JavaScript to Python code? [closed]
How to Zip files using JavaScript?
How to simulate typing in input field using jQuery?
How to scroll down with Phantomjs to load dynamic content
How to convert an "object" into a function in JavaScript?
How can I check JavaScript code for syntax errors ONLY from the command line?
Detect when "Inspect Element" is open
Why threre is no way to download file using ajax request?
What's the use of the [\b] backspace regex?
React-redux store updates but React does not
What's the difference between self and window?
using myproject/.npmrc with registry
How to access one component's state from another component
Debugging WebView in React Native apps
AngularJS ng-click to go to another page (with Ionic framework)

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!