Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Headers customization #189

Open
iamoskvin opened this issue Jun 7, 2023 · 2 comments
Open

Headers customization #189

iamoskvin opened this issue Jun 7, 2023 · 2 comments
Assignees
@barjin
Labels
t-tooling Issues with this label are in the ownership of the tooling team.

Comments

@iamoskvin
Copy link

iamoskvin commented Jun 7, 2023
edited
Loading

I have met several difficulties. Maybe you could make some changes.

  1. If I make cross-site request, then Upgrade-Insecure-Requests is not suitable. So, I need to remove it by myself after headers generation.
  2. If I do POST instead of GET, I need to add content-type and content-length headers. And I need them in the right order. But your ordering file does not include them, so I need to do ordering by myself.
    The same is true for Origin header.
  3. Also, for cross-site requests I need to change the cors headers and it is now convenient now too. I can't pass them as additional headers: it does not works reliable due to case sensitivity etc. So, I need to modify cors headers after generation. Probably, this is not the best way too.

Thank you.
@barjin
Copy link
Collaborator

barjin commented Jun 8, 2023

Hello and thank you for submitting this issue!

Other than the second point (which I have already prepared a PR for, see #190), your requests seem to be centered on your use case. Can you please provide a better description of what you are trying to achieve with this library (possibly share some snippets of your code), so it gives us a better idea of what your priorities are? Thanks!

@iamoskvin
Copy link
Author

Hello, and thank you for the answer.
I am making a cross-site POST-request. I don't think that code snippets are relevant for the explanation. I could write headers if it needed for clarity.
I think we have three different things here.

  1. Headers list (what headers should be included and excluded from this particular request).
  2. Headers values (for cross-site requests, we need to modify the provided cors headers).
  3. Headers ordering.
    PR 190 should solve the first problem. The second is not a big problem.

But the ordering seems complicated. I ran your solver script and also made different requests in different browsers manually and saw headers in Wireshark. It looks like in Chrome request headers are in different orders for different requests. I don't know which parameters determine the header order. For now, I just give the exact order for needed request and sort headers in this order. But this is an ad hoc way and not convenient.
So, it seems that for POST requests, your ordering solution does not work properly (at least for Chrome).

@barjin barjin self-assigned this Jul 21, 2023
@barjin barjin added the t-tooling Issues with this label are in the ownership of the tooling team. label Jul 21, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@barjin barjin

Labels
t-tooling Issues with this label are in the ownership of the tooling team.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@iamoskvin @barjin