HttpUrlConnection是否审查了一些标题,特别是Origin? [英] Does HttpUrlConnection censor some headers, notably Origin?
问题描述
我正在尝试为实现CORS的Web服务创建一些测试。所以,我需要发送Origin标头。当我调用 addRequestProperty(origin,origin)
时,原始标题似乎没有出现在服务器上。我说'似乎' - 我有一个servlet迭代所有标题打印出来,并没有出现。我没有一直到TCPMon或通过普通套接字连接发送请求。
I'm trying to create some tests for a web services that implements CORS. So, I need to send Origin headers. When I call addRequestProperty("origin", origin)
, the origin header does not seem to appear at the server. I say 'seem' -- I'm got a servlet iterating over all the headers printing them out, and it does not appear. I haven't gone all the way to TCPMon or sending the request over a plain socket connection.
HttpUrlConnection的javadoc没有提到我见过的任何限制,但我可能会跳过一个严厉的判决。这是一个众所周知的限制吗?
The javadoc for HttpUrlConnection doesn't mention any limits that I've seen, but I might have skipped a critical sentence. Is this a well-known limitation?
推荐答案
作者巧妙地决定禁止Origin和其他CORS-没有实际实现CORS规范的相关头文件。这真令人沮丧。
The author, cleverly, decided to forbid Origin and other CORS-related headers without actually implementing the CORS spec. It's pretty depressing.
这篇关于HttpUrlConnection是否审查了一些标题,特别是Origin?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!