Set a request header in JavaScript

JavascriptAjax

Javascript Problem Overview

It seems that I am unable to change most request headers from JavaScript when making an AJAX call using XMLHttpRequest. Note that when request.setRequestHeader has to be called after request.open() in Gecko browsers (see http://ajaxpatterns.org/Talk:XMLHttpRequest_Call). When I set the Referer, it doesn't get set (I looked at the request headers sent using Firebug and Tamper Data). When I set User-Agent, it messed up the AJAX call completely. Setting Accept and Content-Type does work, however. Are we prevented from setting Referer and User-Agent in Firefox 3?

var request = new XMLHttpRequest();
var path="http://www.yahoo.com";
request.onreadystatechange=state_change;

request.open("GET", path, true);
request.setRequestHeader("Referer", "http://www.google.com");
//request.setRequestHeader("User-Agent", "Mozilla/5.0");
request.setRequestHeader("Accept","text/plain");
request.setRequestHeader("Content-Type","text/plain");

request.send(null);
	function state_change()
{
if (request.readyState==4)
  {// 4 = "loaded"
  if (request.status==200)
    {// 200 = OK
    // ...our code here...
	alert('ok');
    }
  else
    {
    alert("Problem retrieving XML data");
    }
  }
}

Javascript Solutions

Solution 1 - Javascript

W3C Spec on setrequestheader.

The brief points:

> If the request header had > already been set, then the new value > MUST be concatenated to the existing > value using a U+002C COMMA followed by > a U+0020 SPACE for separation. > > UAs MAY give the User-Agent header an initial value, but MUST allow authors to append values to it.

However - After searching through the framework XHR in jQuery they don't allow you to change the User-Agent or Referer headers. The closest thing:

// Set header so the called script knows that it's an XMLHttpRequest
xhr.setRequestHeader("X-Requested-With", "XMLHttpRequest");

I'm leaning towards the opinion that what you want to do is being denied by a security policy in FF - if you want to pass some custom Referer type header you could always do:

xhr.setRequestHeader('X-Alt-Referer', 'http://www.google.com');

Solution 2 - Javascript

@gnarf answer is right . wanted to add more information .

Mozilla Bug Reference : https://bugzilla.mozilla.org/show_bug.cgi?id=627942

Terminate these steps if header is a case-insensitive match for one of the following headers:

Accept-Charset
Accept-Encoding
Access-Control-Request-Headers
Access-Control-Request-Method
Connection
Content-Length
Cookie
Cookie2
Date
DNT
Expect
Host
Keep-Alive
Origin
Referer
TE
Trailer
Transfer-Encoding
Upgrade
User-Agent
Via

Source : https://dvcs.w3.org/hg/xhr/raw-file/tip/Overview.html#dom-xmlhttprequest-setrequestheader

Solution 3 - Javascript

For people looking this up now:

It seems that now setting the User-Agent header is allowed since Firefox 43. See https://developer.mozilla.org/en-US/docs/Glossary/Forbidden_header_name for the current list of forbidden headers.

Categories
Recommended Javascript Solutions
Recommended Ajax Solutions

Previous Solution:

Is it possible to list all foreign keys in a database?

Sql Server

Next Solution:

Validate select box

JavascriptJqueryHtmlValidationForms

Attributions

All content for this solution is sourced from the original question on Stackoverflow.

The content on this page is licensed under the Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.

Content TypeOriginal AuthorOriginal Content on Stackoverflow
Questionuser121196View Question on Stackoverflow
Solution 1 - JavascriptgnarfView Answer on Stackoverflow
Solution 2 - JavascriptakedView Answer on Stackoverflow
Solution 3 - JavascriptRedmer K.View Answer on Stackoverflow