WebKit “Refused to set unsafe header 'content-length'”

后端 未结 1 1008
忘了有多久
忘了有多久 2020-11-27 06:23

I am trying to implement simple xhr abstraction, and am getting this warning when trying to set the headers for a POST. I think it might have something to do with setting t

相关标签:
1条回答
  • 2020-11-27 06:36

    it is also ignoring my setRequestHeader calls and generating its own

    Yes, the standard says it must:

    For security reasons, these steps should be terminated if header is [...]

    • Connection
    • Content-Length

    Messing around with those could expose various request smuggling attacks, so the browser always uses its own values. There's no need or reason to try to set the request length, as the browser can do that accurately from the length of data you pass to send().

    0 讨论(0)
提交回复
热议问题