http-headers | : lock : HTTP Headers for Wordpress | HTTP library
kandi X-RAY | http-headers Summary
kandi X-RAY | http-headers Summary
HTTP Headers gives your control over the http headers returned by your blog or website.
Support
Quality
Security
License
Reuse
Top functions reviewed by kandi - BETA
Currently covering the most popular Java, JavaScript and Python libraries. See a Sample of http-headers
http-headers Key Features
http-headers Examples and Code Snippets
Community Discussions
Trending Discussions on http-headers
QUESTION
I want to use the new java.net.HttpClient to do some requests to another system.
For debug purposes I want to log (and later store in our db) the request that I send and the response that I receive.
How can I retrieve the effective http headers, that java is sending?
I tried to get the headers like this:
...ANSWER
Answered 2021-May-17 at 13:38I have an unfortunate answer to your question: Regrettably, impossible.
Some background on why this is the case:
The actual implementation of HttpRequest used by your average OpenJDK-based java-core-library implementation is not java.net.http.HttpRequest
- that is merely an interface. It's jdk.internal.net.http.HttpRequestImpl
.
This code has 2 separate lists of headers to send; one is the 'user headers' and the other is the 'system headers'. Your .headers()
call retrieves solely the user headers, which are headers you explicitly asked to send, and, naturally, as you asked for none to send, it is empty.
The system headers is where those 6 headers are coming from. I don't think there is a way to get at these in a supported fashion. If you want to dip into unsupported strategies (Where you write code that queries internal state and is thus has no guarantee to work on other JVM implementations, or a future version of a basic JVM implementation), it's still quite difficult, unfortunately! Some basic reflection isn't going to get the job done here. It's the worst news imaginable:
These 6 headers just aren't set, at all, until
send
is invoked. For example, the three headers that are HTTP2 related are set in the package-privatesetH2Upgrade
method, and this method is passed the HttpClient object, which proves that this cannot possibly be called except in the chain of events started when you invokesend
. An HttpClient object doesn't exist in the chain of code that makes HttpRequest objects, which proves this.To make matters considerably worse, the default HttpClient impl will first clone your HttpRequest, then does a bunch of ops on this clone (including adding those system headers), and then sends the clone, which means the HttpRequest object you have doesn't have any of these headers. Not even after the send call completes. So even if you are okay with fetching these headers after the send and are okay with using reflecting to dig into internal state to get em, it won't work.
You also can't reflect into the client because the relevant state (the clone of your httprequest object) isn't in a field, it's in a local variable, and reflection can't get you those.
A HttpRequest can be configured with custom proxies, which isn't much of a solution either: That's TCP/IP level proxies, not HTTP proxies, and headers are sent encrypted with HTTPS. Thus, writing code that (ab)uses the proxy settings so that you can make a 'proxy' that just bounces the connection around your own code first before sending it out, in order to see the headers in transit, is decidedly non-trivial.
The only solution I can offer you is to ditch java.net.http.HttpClient
entirely and use a non-java-lib-core library that does do what you want. perhaps OkHttp. (Before you sing hallelujah, I don't actually know if OkHttp can provide you with all the headers it intends to send, or give you a way to register a hook that is duly notified, so investigate that first!)
QUESTION
What I am trying to do here is that I am going to send a converted pdf to base64 to an endpoint where in this is the endpoint
...ANSWER
Answered 2021-Apr-07 at 09:30By following the suggestion of @Jason in the comment section I have solved my problem
https://learning.postman.com/docs/sending-requests/generate-code-snippets/
Hope this solves someone having thesame problem as mine.
QUESTION
I am writing my own http server. I need to check each header from the given list (if it was given an invalid value). I also can not use any third party libraries.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers
Yes, I was looking for a solution, I have seen these and other questions:
Parse HTTP headers in C++
How to correctly parse incoming HTTP requests
How to parse HTTP response using c++
I also tried to find the source file \ example of implementing that in libcurl here, but I couldn't.
https://curl.se/libcurl/c/example.html
My own work according to this article:
https://developer.mozilla.org/en-US/docs/Glossary/CORS-safelisted_request_header
ANSWER
Answered 2021-Feb-23 at 10:43My question is, is there a better way to do this than a huge number of else-if for every possible header?
It's exactly the same answer as for any other case where you're hard-coding a lot of magic values: stop it.
Group all the hard-coded magic values together in one place, so at least they're not polluting your logic: build a map of header name strings to validators. The validators can be regular expressions or actual functors (eg, std::function
) if you need more flexibility.
Your code becomes something like
QUESTION
Background:
I have a small RaspberyPi-like server on Armbian (20.11.6) (precisely - on Odroid XU4).
I use lighttpd to serve pages (including Home Assistant and some statistics and graphs with chartjs).
(the example file here is Chart.bundle.min.js.gz)
Issue:
There seems to be a growing amount of javascript files, which become larger than the htmls and the data itself (some numbers for power/gas consumption etc.). I am used to use mod_compress, mod_deflate etc on servers (to compress files on the fly), but this would kill the Odroid (or unnecessarily load CPU and the pitiful SD card for caching).
Idea:
Now, the idea is, just to compress the javascript (and other static (like css)) files and serve it as static gzip file, which any modern browser can/should handle.
Solution 0:
I just compressed the files, and hoped that the browser will understand it...
(Clearly the link was packed in the script html tag, so if the browser would get that gz is a gzip... it should maybe work).
It did not ;)
Solution 1:
I enabled mod_compress (a suggested on multiple pages) and and tried to serve static js.gz file.
https://www.drupal.org/project/javascript_aggregator/issues/601540
https://www.cyberciti.biz/tips/lighttpd-mod_compress-gzip-compression-tutorial.html
Without success (browser takes it as binary gzip, and not as application/javascript type).
(some pages suggested enabling mod_deflate, but it does not seem to exist)
Solution 2:
(mod_compress kept on) I did the above, and started fiddling with the Content-Type, Content-Encoding in the HTML (in the script html tag). This did not work at all, as the Content-Type can be somehow influenced in HTML, but it seems that the Content-Encoding can not.
https://www.geeksforgeeks.org/http-headers-content-type/
(I do not install php (which could do it) to save memory, sd card lifetime etc.).
Solution 3:
I added "Content-Encoding" => "gzip" line to the 10-simple-vhost.conf default configuration file in the setenv.add-response-header. This looked as a dirty crazy move, but I wanted to check if the browser accepts my js.gz file... It did not.
And furthermore nothing loaded at all.
Question:
What would be an easy way to do it ? (without php).
Maybe something like htaccess in Apache ?
EDIT 1:
It seems that nginx can do it out-of-the-box:
Serve static gzip files using node.js
http://nginx.org/en/docs/http/ngx_http_gzip_static_module.html
I am also digging into the headers story in lighttpd:
https://community.splunk.com/t5/Security/How-to-Disable-http-response-gzip-encoding/m-p/64396
EDIT 2:
Yes... after some thinking, I got to the idea that it seems that this file could be cached for a long time anyway, so maybe I should not care so much :)
ANSWER
Answered 2021-Jan-16 at 00:11It seems that I was writing the question so long, that I was near to the solution.
I created an module file 12-static_gzip.conf, with following content:
QUESTION
As far as I know, everything about the Internet is (or rather should be?) defined and documented in the RFCs. I found a listing of several HTTP-headers on mozilla.org (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers), which I assumed to be second-hand knowledge taken from the RFCs. However most of the security-related HTTP-headers are neither in the RFCs (source: https://www.rfc-editor.org/search/rfc_search_detail.php?title=Content-Security-Policy) nor in the HTTP-headers suggested by IANA (source: https://www.iana.org/assignments/message-headers/message-headers.xhtml)
- Is there a commitee that decides on such conventions and a central place where I can always find first-hand information about the rules of the internet?
- How do programmers of critical applications know which features they have to implement to keep their software up-to-date with the rest of the internet?
- How can programmers be sure their software is implemented perfectly according to the rules and works in harmony with the rest of the internet. E.g. somebody who programs an FTP-client (assuming they are not making use of libraries) has to make sure their understanding of the FTP-protocol is the same as that of every single FTP-server-application, right?
ANSWER
Answered 2020-Dec-31 at 01:58The RFCs stand as a final approved documentation. In your case the HTTP is under the HTTP Working Group so some new features which some browsers already support are being discussed in this group. Expanding the idea, some security headers present in HTTP may be from other groups and just referenced in HTTP RCFs. The Content Security Policy is documented in the RFC 7762 not that it's tagged as informational.
Each area has its Working groups, in this case HTTP is nested in ART (Applications And Real-Time Area). Each of those groups compile, revise and publish new specifications. As an example you can see HTTP(httpbis) charter
There's two options, implement based on the RCFs and its references or follow the Working Group directives and references. Using only RFCs is more secure and interoperable but will eventually be outdated until a new RFC is published.
The only way is to implement what is documented under the RFCs. It's part o the internet concept, new features or standards will take a while to be fully documented and it's up to developer research and implement those.
QUESTION
I used Node.js and Express for the first time to make an API and I am having some issues.
I'm using Node.JS 13.11.0 and Express 4.17.1.
When I try to access 127.0.0.1:4008/api/nbhbdm and append parameters, I receive this error.
ANSWER
Answered 2020-Jul-11 at 12:57I have seen Error: Can't set headers after they are sent to the client, but I don't think I have tried to send multiple responses to the same request.
You have, you just didn't notice it.
The onreadystatechange event is triggered four times (1-4), one time for each change in the readyState.
Source: https://www.w3schools.com/js/js_ajax_http_response.asp
Every time onreadystatechange is triggered and the readyState isn't 4 or the status isn't 200, you try and send a response to the client with res.json(). Since you cannot send several responses to the same request, you get thrown an error.
You'd need your onreadystatechange callback to disregard any readystate that isn't 4, and then act depending on the status of the request:
QUESTION
a Ubuntu 16.04.6 LTS VPS running nginx is presently bricked in terms of serving pages through port 443. This happened unexpectedly, I assume when a renewal kicked in automatically.
Following are twice replicated steps.
I removed all site definitions in sites-enabled and reduced the server to its simplest expression: one application in http mode only. The output of nginx -T is at bottom. the unencrypted pages serve as expected.
I then ran sudo certbot --nginx
and selected 1
for the only 3rd level domain available to nginx
ANSWER
Answered 2020-Nov-18 at 09:28These lines
QUESTION
I've a React JS app, which makes this request to my back-end API. i.e
...ANSWER
Answered 2020-Nov-10 at 18:27You have basically two options:
the
state
parameterThe
state
parameter is part of the OAuth2 spec (and is supported by Google). It's a random string of characters that you add to the authorization URL (as a query parameter), and will be included when the user is redirected back to your site (as a query parameter). It's used for CSRF protection, and can also be used to identify a user. Be sure that if you use it, it's a one-time value (e.g. a random value that you store in your db, not the user's ID).sessions with cookies
If the user has previously logged in, you should be able to identify them by their session cookie. It sounds like this is the approach you're currently taking, but the session is getting reset.
It's difficult to debug this without knowing more about your stack/code, but a good first step would be just trying to load your callback URL without the redirection to Google to see the session object is still empty. If so, that would indicate an issue with how you've implemented sessions generally and not something specific to this flow.
As a note, based on the code you've shared, I'm not sure how
params["uid"]
is getting set if you're doing a redirect without any query parameters or path parameters.
Finally, you may consider using a managed OAuth service for something like this, like Xkit, where I work. If you have a logged in user, you can use Xkit to connect to the user's Gmail account with one line of code, and retrieve their (always refreshed) access tokens anywhere else in your stack (backend, frontend, cloud functions) with one API call.
QUESTION
I try to set user agent to a npm request. Here is the documentation, but it gives the following error:
...Error: Invalid URI "/"
ANSWER
Answered 2020-Oct-30 at 16:35The problem is you are looking at the documentation of request, but using the async-request, which dont support calling with the object argument like you do.
QUESTION
I run an Icecast2 server where the streams are available from my website using the Web Audio API. I am wanting to set up private streams using Icecast User Basic Auth. Acessing these streams can be done using: http://Username:Password@example.com/stream.
The problem I am facing is that I want to pass the URL to WEB Audio API as http://example.com/stream and Authenticate using XMLHTTPRequest, if that's possible; however, the request is failing CORS preflight and I am not sure if I am correctly setting my headers.
As a note, I have also tried supplying the URL with the username and password without using any requests and get the message: The HTMLMediaElement passed to createMediaElementSource has a cross-origin resource, the node will output silence.
So I guess I need to send a request regardless.
I am currently testing this on my local network. The Icecast server is running on linux and the webpage I am testing is running on windows using IIS. Icecast ip is 192.168.1.30:6048
and IIS is on 127.0.0.1:80
Below is the relavent parts of my Icecast config file and the XMLHTTPRequest I am using. I also currently in my testing have global headers turned off in the Icecast config:
...ANSWER
Answered 2020-Aug-17 at 10:11Try adding this at the top of your Icecast config file (this enables * CORS)
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported
Install http-headers
Updates are on they way, so stay tuned at @DimitarIvanov.
Support
Reuse Trending Solutions
Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from over 650 million Knowledge Items
Find more librariesStay Updated
Subscribe to our newsletter for trending solutions and developer bootcamps
Share this Page