How to play by adding a headers from a link with html 5?
For example:
xxxx.comv?v=36474, this link does not open without certain http headers, my question is when we want to play with html5, do we have a chance to add these http headers?
I need to add hedaers:
"authority: xxx.xxx.xy"
"user-agent: Mozilla"
"sec-fetch-dest: empty"
"accept: */*"
"origin: https://www.yyyy.com"
"sec-fetch-site: cross-site"
"sec-fetch-mode: cors"
"referer: https://www.yyyy.com/p4p.php?v=7f0baeb86d31f0bdb56d452d83020aaf52f0c7a1401c10ab10e4141629d9682b"
"accept-language: tr-TR,tr;q=0.9,en-US;q=0.8,en;q=0.7"
There are only very limited things you can do to affect the request headers sent when a link is clicked on (such as using rel="noreferrer".
You can't set arbitrary headers to arbitrary values.
If you are using XMLHttpRequest or fetch instead of a link then there are methods to set headers, but a number of the headers you want to set are forbidden, so that won't work either.
Related
This question is about HTTP Request headers -- not HTTP Response headers.
Is there any way to programmatically make User Agents add or change any HTTP Request Header e.g. by means of HTML, JavaScript, for links or resources from a web page. There exists some HTTP Request Headers that one would think should be able to be controlled programmatically, for example max-stale.
(One could for example imagine that some optional attribute for HTML-elements <a>, <link>, <img> <script> etc, could exist that would cause the User Agent to add/change a HTTP request header in its request to the server, but I have not found such an attribute. Similarly, one could think that there should exist some mechanism to control HTTP Request Headers when AJAX is used.)
Turning around the question ...: Why does the HTTP Request Header max-stale exist at all if it cannot be controlled?
Thanks!
The XMLHTTPResponse setRequestHeader() method can be used to set HTTP request headers for an AJAX request. Various JavaScript libraries expose this function in different ways. For example, with jQuery.ajax() you would set the headers property of the settings parameter.
There are some ways in which you can affect request headers in html, e.g. via a form's enctype attribute. I do not believe there is any way to actually specify the actual header values in html.
For Ajax you can specify request headers, though the browser will block certain headers from being set, I doubt max-stale is one of them.
Also not only browsers make http request, there are a whole host of applications that do and any of them could easily set the max-stale header if they wanted.
I am sending an html email which refers to some images on amazon s3. The images need an authorization in http header. Specifically they need this:
curl -H 'Authorization: '
How can I provide that empty space authorization the the html email?
You cannot.
HTML provides no means to specify custom HTTP headers for requests.
If you were using a browser, you could use JavaScript with XMLHttpRequest to make the request and then convert the response into a data: URI and use that as the src of the image. HTML formatted email has no such option though.
Although i don't think it's possible but is it a way to get a page size without downloading it?(it's seems silly but anyway i wanna ask it here)
you can curl a page and get it's size but i don't want to dl the page and also there is nothing interesting in the header with text/html.
Query the Content-Length property from the page header.
As defined by Section 14.13 of the Hypertext Transfer Protocol Documentation.
Use the HEAD HTTP method instead of GET:
The HEAD method is identical to GET except that the server MUST NOT return a message-body in the response. The metainformation contained in the HTTP headers in response to a HEAD request SHOULD be identical to the information sent in response to a GET request. This method can be used for obtaining metainformation about the entity implied by the request without transferring the entity-body itself.
Even making a HEAD request doesn't guaranty u will get content-length in the output. check it for yourself:
stream_context_set_default(
array(
'http' => array(
'method' => 'HEAD'
)
)
);
var_dump(get_headers("http://www.stackoverflow.com", 1));
var_dump(get_headers("http://www.google.com", 1));
var_dump(get_headers("http://php.net/", 1));
I think the best option is still to go and dl the page using curl and then see what's the size(pure text) of the page
I need to send the following HTTP request to my REST server from an HTML page to retrieve another page. How to do that using javascript or forms or links or whatever ?
Note that the HTTP request body must contain plain text with no key/value pairs as a form usually does.
PUT /somerequest HTTP/1.1
Host: www.myhost.com
Accept: text/html,application/xhtml+xml
Payload of the request to be read by the server script.
The script will return a HTML content to my browser.
Thanks !
You could use jQuery?
http://api.jquery.com/jQuery.ajax/
I'm sure you will find what you want there.
And if you don't look at a lower layer: XMLHttpRequest
http://www.w3.org/TR/XMLHttpRequest/
We have an ecommerce website that displays groups of products by category using a URL format that maps almost exactly to the REST URL format we would like to use for our forthcoming API.
e.g. example.com/products/latest or example.com/products/hats
Is it a valid pattern to use the same URL for visible (HTML) and invisible (JSON) results, and to use the Accept http request header to determine what should be returned.
i.e. if you call example.com/products/latest with Accept: application/json you get just the product data, but if you use text/html you get the full HTML page (header, footer, site chrome etc.)
And if so, is this a good idea - will we run into problems if, for instance, the website needs to change, but the API needs to be stable?
UPDATE: some helpful resources - here is an article[1] by Peter Williams discussing the use of the HTTP Accept header to version APIs, and I have also referenced an SO question[2] that reveals some of the problems of using this approach. Probably better to use a custom HTTP header?
[1] Making the case for using Accept: http://barelyenough.org/blog/2008/05/versioning-rest-web-services/
[2] Problems with jQuery (& IE): Cannot properly set the Accept HTTP header with jQuery
[3] Making the case for using Accept: http://blog.steveklabnik.com/2011/07/03/nobody-understands-rest-or-http.html
[4] Sitting on the fence: http://www.informit.com/articles/article.aspx?p=1566460
Using http headers is generally becoming the accepted way of determining this.
In ASP.NET MVC for example there is an IsAjaxRequest method that checks for the X-Requested-With header and if it is equal to "XMLHttpRequest" it is deemed to be an ajax request.
Last time I tried to do that (and this was a few years ago) I found I could not override the Accept header of an XMLHttpRequest object in Opera. If that isn't a worry for you, then go for it, that is how HTTP was designed to work.
I recommend setting your HTML response to have a higher q value then your JSON response though, some browsers send Accept: */*.
I have no experience with this, but Restful Web Services recommends that you version your API via the URL (e.g. api.example.com/v1/products/hats) — I’m not sure that would fit with using the same URLs for the website and the API.