Discussion:
[dart-misc] BrowserClient sets unsafe headers causing Chrome to report "Refused to set unsafe header"
properius
2015-08-21 13:39:09 UTC
Permalink
I'm using Rpc package and it uses http.BrowserClient to send API requests
to the server.

However on each such send request, Chrome reports an error saying:

Refused to set unsafe header "user-agent"
Refused to set unsafe header "content-length"


These two headers are not allowed to be set as per
http://www.w3.org/TR/XMLHttpRequest/#the-setrequestheader-method.

Shouldn't BrowserClient skip setting the headers that are not allowed by
the browsers?
--
For other discussions, see https://groups.google.com/a/dartlang.org/

For HOWTO questions, visit http://stackoverflow.com/tags/dart

To file a bug report or feature request, go to http://www.dartbug.com/new

To unsubscribe from this group and stop receiving emails from it, send an email to misc+***@dartlang.org.
'Alan Knight' via Dart Misc
2015-08-21 16:24:12 UTC
Permalink
I don't know. Is it better for it to silently skip it, or to tell you that
it's not doing what you asked. Also, I'm not sure if we consistently get
notification that it's not setting that header, or if it just gets
suppressed. It would be bad if we had to hard-code the list of what wasn't
allowed and then got out of sync with what was actually allowed. But by all
means file a bug and we can investigate.
Post by properius
I'm using Rpc package and it uses http.BrowserClient to send API requests
to the server.
Refused to set unsafe header "user-agent"
Refused to set unsafe header "content-length"
These two headers are not allowed to be set as per
http://www.w3.org/TR/XMLHttpRequest/#the-setrequestheader-method.
Shouldn't BrowserClient skip setting the headers that are not allowed by
the browsers?
--
For other discussions, see https://groups.google.com/a/dartlang.org/
For HOWTO questions, visit http://stackoverflow.com/tags/dart
To file a bug report or feature request, go to http://www.dartbug.com/new
To unsubscribe from this group and stop receiving emails from it, send an
--
For other discussions, see https://groups.google.com/a/dartlang.org/

For HOWTO questions, visit http://stackoverflow.com/tags/dart

To file a bug report or feature request, go to http://www.dartbug.com/new

To unsubscribe from this group and stop receiving emails from it, send an email to misc+***@dartlang.org.
properius
2015-08-21 17:22:49 UTC
Permalink
While writing the bug I searched the code to figure out where the headers
are set.

They are set in the Rpc package (/src/clients.dart). I guess in my case the
problem is with ApiRequester.simpleRequest() method.

I'll file a bug with Rpc package. There won't be a need to hard-code the
list of headers.

Thank you for sending me searching the code.
Post by 'Alan Knight' via Dart Misc
I don't know. Is it better for it to silently skip it, or to tell you that
it's not doing what you asked. Also, I'm not sure if we consistently get
notification that it's not setting that header, or if it just gets
suppressed. It would be bad if we had to hard-code the list of what wasn't
allowed and then got out of sync with what was actually allowed. But by all
means file a bug and we can investigate.
Post by properius
I'm using Rpc package and it uses http.BrowserClient to send API requests
to the server.
Refused to set unsafe header "user-agent"
Refused to set unsafe header "content-length"
These two headers are not allowed to be set as per
http://www.w3.org/TR/XMLHttpRequest/#the-setrequestheader-method.
Shouldn't BrowserClient skip setting the headers that are not allowed by
the browsers?
--
For other discussions, see https://groups.google.com/a/dartlang.org/
For HOWTO questions, visit http://stackoverflow.com/tags/dart
To file a bug report or feature request, go to http://www.dartbug.com/new
To unsubscribe from this group and stop receiving emails from it, send an
--
For other discussions, see https://groups.google.com/a/dartlang.org/

For HOWTO questions, visit http://stackoverflow.com/tags/dart

To file a bug report or feature request, go to http://www.dartbug.com/new

To unsubscribe from this group and stop receiving emails from it, send an email to misc+***@dartlang.org.
Loading...