1

I'm using jQuery.ajax to make HTTP connections. In my project I'd like to set custom http headers, but I'd like to send only the ones I have set. Currently my headers are being sent, but in addition there are also a number of other headers I didn't set.

This is how I'm adding custom headers:

    $.ajax("http://fakedomain.foo", {headers: {header1: "value1", header2: "value2"}});

I might be fine even in case it's not possible to set the whole collection of headers, but only add extra ones. But even in this case, (deleted) sometimes my headers are modified before being sent. For instance, if I add these headers (end of deleted text):

 {
 "Connection": "close",
 "Accept-Encoding": "deflate, gzip",
 "Accept": "text/plain",
 }

(deleted) Then this is what is actually being sent (I made a capture with Wireshark only to verify this) (end of deleted text)

 {
 "Connection": "close",
 "Accept-Encoding": "gzip,deflate,sdch",
 "Accept": "text/plain, */*; q=0.01",
 "Accept-Language": "es-ES,es;q=0.8",
 "Dnt": "1", 
 "Accept-Charset": "ISO-8859-1,utf-8;q=0.7,*;q=0.3",
 ...
 }

(deleted) As you can see some evil goblin out there is tweaking my headers, and it has added the "sdch" encoding to the "Accept-Encoding" header, and also changed the "Accept" header so that it also accepts */*. This is a real problem if the WS is picky and needs to take different actions based on the headers. (end of deleted text)

So to sum up:

  1. Is there a way to send only my headers and no extra ones?

  2. (deleted) If not, is there a way to add my custom headers as they are, without them being modified? (end of deleted text)


UPDATE:
My bad, I was not setting the headers properly. (The code I posted is correct, but there was a bug in my unit tests, so my headers were not actually added and the default ones were sent instead.) After fixing this, I can see my headers are being sent with the correct text, and no modifications. So forget about #2. The question #1 still applies.

asked Oct 3, 2013 at 10:55
  • 1) No. 2) No. The headers which get sent are dependent on the browser, although they will all modify them in some way. Commented Oct 3, 2013 at 10:58

1 Answer

2

The specification (W3C, WHATWG) forbids overriding some headers, including Accept-Encoding.

Interestingly, the spec does not say anything special about Accept, which means the browser must use it as given. In this case it's jQuery at fault, where it adds that last part just in case. It has been there for 6 years.

The specification also mandates the browser to send some other headers, such as Authorization, Host, Connection, Keep-Alive, and others.

answered Oct 3, 2013 at 11:08

8 Comments

You are right, actually the headers are not overridden. I'll edit my answer.
Do you think my answer fully answers your question? If not, what do you think is missing?
Sorry I meant I'll edit my question. Forget about question #2, but thanks for posting the link to the specs. Now the only question remaining is #1.
It's described in the same spec that the browser must send some headers. I've added it to my answer.
I've read the W3C specs and it looks like the browser always sends some headers as you said. So I guess #1 is a NO. Interestingly, it also says "UAs MAY set the Accept-Charset and Accept-Encoding headers and MUST NOT allow them to be overridden". But in my tests I was able to set the Accept-Encoding.
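
As an added example (not code from the question, the answer, or jQuery), the sketch below models the rule the answer cites: it splits a header map into the names a conforming browser passes on as given and the names it refuses to let script set. The name list is the forbidden request-header list of the Fetch Standard, which now holds the list the XMLHttpRequest spec used to carry; the special case for method-override headers is left out, and `isForbiddenRequestHeader` and `partitionHeaders` are hypothetical helper names.

```javascript
// Forbidden request-header names from the Fetch Standard. Script cannot set
// these through XMLHttpRequest or fetch(); the browser supplies its own values.
// Header names are compared case-insensitively.
const FORBIDDEN_NAMES = new Set([
  "accept-charset", "accept-encoding", "access-control-request-headers",
  "access-control-request-method", "connection", "content-length", "cookie",
  "cookie2", "date", "dnt", "expect", "host", "keep-alive", "origin",
  "referer", "set-cookie", "te", "trailer", "transfer-encoding", "upgrade",
  "via",
]);
// Any name starting with one of these prefixes is forbidden as well.
const FORBIDDEN_PREFIXES = ["proxy-", "sec-"];

// Hypothetical helper: true if script is not allowed to set this header.
function isForbiddenRequestHeader(name) {
  const n = String(name).trim().toLowerCase();
  return FORBIDDEN_NAMES.has(n) || FORBIDDEN_PREFIXES.some((p) => n.startsWith(p));
}

// Hypothetical helper: split a caller-supplied header map into the entries the
// browser accepts as given and the names it keeps under its own control.
function partitionHeaders(headers) {
  const settable = {};
  const ignored = [];
  for (const [name, value] of Object.entries(headers)) {
    if (isForbiddenRequestHeader(name)) ignored.push(name);
    else settable[name] = value;
  }
  return { settable, ignored };
}

// Constructed sample: the header set from the question plus one custom header.
const requested = {
  "Connection": "close",
  "Accept-Encoding": "deflate, gzip",
  "Accept": "text/plain",
  "header1": "value1",
};
const result = partitionHeaders(requested);
console.log("passed on as given:", result.settable);
console.log("controlled by the browser:", result.ignored);
```
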