-
-
Notifications
You must be signed in to change notification settings - Fork 1.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Headers user-agent,... forbidden for GitHub API #1659
Comments
As far as I can tell this does not work in browsers: e.g. http://jsbin.com/paxoyuzemu/edit?html,console,output says You can adjust the user agent jsdom uses as part of the configuration when initially creating a jsdom, from the outside. But you cannot change the user agent of a single XHR from inside jsdom script. Closing, but happy to reopen if there's a separate issue here besides user agent. |
@domenic I believe OP's underlying issue is that jsdom's XHR does not set the
It is true that Chrome does not allow scripts to set the The part of the spec you linked to defines the CORS-safelisted request-headers, which are just headers that are automatically allowed by CORS, and do not require a preflight request. However, the preflight request itself can include other headers. Chrome itself sends its own You can see this in this JSbin example. The request will fail, since Github's CORS doesn't allow that custom header. But if you open DevTools and look at the preflight request, you will see that Chrome included a In fact, the spec for CORS-preflight fetch, in step 5, uses HTTP-network-or-cache fetch to actually send the preflight request. Step 11 there adds the In summary: the spec does not forbid setting the
This is a valid decision, which mirrors the restriction put in place by the other browsers. However, the underlying issue here is that the I've submitted a simple PR (#2103) to fix this. |
Fixes #1659. This mirrors the behavior of other browsers, and fixes broken XHR requests to APIs that require a User-Agent header for all requests, such as api.github.com.
I try to use GitHub API from JSDOM. But I always receive error "Headers user-agent, authentication forbidden" when I set required headers. In browers all works fine.
I have explored a source code of XMLHttpReqest (xmlhttprequest.js and xhr-utils.js). I see preflight request to server but result of it is not used for validation of final resquest's result.
For example:
Client side:
Server side:
Result:
Error: Headers user-agent forbidden
As I understand header
access-control-allow-headers
must be forworded from preflight request's response (xhr-utils.js:281
) to real request's response validation (xmlhttprequest.js:958
).The text was updated successfully, but these errors were encountered: