setRequestHeader underspecified - setting "Accept" header as an example

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

setRequestHeader underspecified - setting "Accept" header as an example

Hallvord Reiar Michaelsen Steen-3

I've found a site that requires that any UA default value is overridden  
with the new value when using setRequestHeader('Accept', ..).

(For reference: the site is mail.163.com, it uses XHR extensively to fetch  
data and sets Accept header to "text/javascript" to fetch JSON content. If  
that value is appended to the UA's internal list instead of replacing it  
the server returns XML instead of JSON, which doesn't go down well with  
the JSON "parsing" - i.e. eval() - they put the data through.)

The spec says about "setRequestHeader()":

> If the header argument is in the list of request headers either use  
> multiple headers, combine the values or use a combination of those  
> (section 4.2, RFC 2616).

I think this needs to be way more specific. We probably need to verify  
what existing UAs do for actual header values, and make some sensible  
rules from that.

--
Hallvord R. M. Steen
Core JavaScript tester, Opera Software
http://www.opera.com/
Opera - simply the best Internet experience

Reply | Threaded
Open this post in threaded view
|

Re: setRequestHeader underspecified - setting "Accept" header as an example

bilcorry

Hallvord R. M. Steen wrote on 11/18/2008 6:50 AM:
> I think this needs to be way more specific. We probably need to verify
> what existing UAs do for actual header values, and make some sensible
> rules from that.

I saw this yesterday, it suggests using setRequestHeader() to replace the default values with null values to reduce the size of the request headers for XHR requests, but notes that Opera combines the User-Agent header rather than replacing it (security feature?):

        http://blog.mibbit.com/?p=143


- Bil



Reply | Threaded
Open this post in threaded view
|

Re: setRequestHeader underspecified - setting "Accept" header as an example

Laurens Holst-2
In reply to this post by Hallvord Reiar Michaelsen Steen-3
Hallvord R. M. Steen schreef:
>> If the header argument is in the list of request headers either use
>> multiple headers, combine the values or use a combination of those
>> (section 4.2, RFC 2616).
>
> I think this needs to be way more specific. We probably need to verify
> what existing UAs do for actual header values, and make some sensible
> rules from that.

Just as a pointer, a while ago I blogged about some test results wrt.
setRequestHeader and the Accept header
(the original comment I posted about has iirc been resolved, by the way):

http://www.grauw.nl/blog/entry/470

This lead to the following discussion on the list:

http://lists.w3.org/Archives/Public/public-webapi/2008May/0228.html
http://lists.w3.org/Archives/Public/public-webapi/2008May/0355.html

Maybe that’s useful.

~Laurens

--
Note: New email address! Please update your address book.

~~ Ushiko-san! Kimi wa doushite, Ushiko-san nan da!! ~~
Laurens Holst, student, Utrecht University, the Netherlands
Website: www.grauw.nl. Backbase employee; www.backbase.com


lholst.vcf (184 bytes) Download Attachment
smime.p7s (4K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: setRequestHeader underspecified - setting "Accept" header as an example

Anne van Kesteren-2
In reply to this post by Hallvord Reiar Michaelsen Steen-3

On Tue, 18 Nov 2008 13:50:36 +0100, Hallvord R. M. Steen  
<[hidden email]> wrote:

> I've found a site that requires that any UA default value is overridden  
> with the new value when using setRequestHeader('Accept', ..).
>
> (For reference: the site is mail.163.com, it uses XHR extensively to  
> fetch data and sets Accept header to "text/javascript" to fetch JSON  
> content. If that value is appended to the UA's internal list instead of  
> replacing it the server returns XML instead of JSON, which doesn't go  
> down well with the JSON "parsing" - i.e. eval() - they put the data  
> through.)
>
> The spec says about "setRequestHeader()":
>
>> If the header argument is in the list of request headers either use  
>> multiple headers, combine the values or use a combination of those  
>> (section 4.2, RFC 2616).
>
> I think this needs to be way more specific. We probably need to verify  
> what existing UAs do for actual header values, and make some sensible  
> rules from that.

It also says that UAs should have an Accept header of */* when they supply  
one. Does the server still give XML back in that scenario?


--
Anne van Kesteren
<http://annevankesteren.nl/>
<http://www.opera.com/>