-
Notifications
You must be signed in to change notification settings - Fork 270
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
All headers lowercased before sending #95
Comments
Another one of the fun quirks about HTTP, clients are allowed to mix header case in requests, and the server is supposed ignore case. This portion of the code is actually in XHook and was added by this PR: We can either remove this code or @gasi Can you comment on this? |
Also, another thing that needs to be confirmed, which I can do when I get home, is: Can multiple headers of the same name be set? I'm quite sure this is allowed in the spec? Can all browsers do this? Because at the moment, I'm storing headers in an object which would only allow unique headers. |
So, when we do: xhr.setRequestHeader('foo-BAR', 42);
xhr.setRequestHeader('FOO-bar', 21); In latest chrome it sends (lowercase key, both values)
whereas on latest firefox, it sends (lowercase key, last value)
Same test, though with authentication header: xhr.setRequestHeader('AUTHORization', 42);
xhr.setRequestHeader('AuthorIZATION', 21); chrome (no lowercasing - uses the initial key and both values)
firefox (forces capital A and uses last value)
And there is still safari, android browser, etc to test... Maybe the simplest solution for now is to just force capital (edit1: tested edit2:
|
Created an issue on the XHook repo jpillora/xhook#21, please place all further comments relating to this there |
Fixed with 79fd6a5 |
All request headers are converted to lowercase before sending - which in theory shouldn't be an issue as headers are case insensitive. However, I have to work with an API which requires an 'Authorization' header with a capital A, which I'm unable to send with this library (but was previously with standard jQuery).
Native XMLHttpRequest doesn't lowercase headers, so this shouldn't either?
The text was updated successfully, but these errors were encountered: