HttpUrlConnection是否审查了一些标题，特别是Origin？ [英] Does HttpUrlConnection censor some headers, notably Origin?

问题描述

我正在尝试为实现CORS的Web服务创建一些测试。所以，我需要发送Origin标头。当我调用 addRequestProperty（origin，origin）时，原始标题似乎没有出现在服务器上。我说'似乎' - 我有一个servlet迭代所有标题打印出来，并没有出现。我没有一直到TCPMon或通过普通套接字连接发送请求。

I'm trying to create some tests for a web services that implements CORS. So, I need to send Origin headers. When I call addRequestProperty("origin", origin), the origin header does not seem to appear at the server. I say 'seem' -- I'm got a servlet iterating over all the headers printing them out, and it does not appear. I haven't gone all the way to TCPMon or sending the request over a plain socket connection.

HttpUrlConnection的javadoc没有提到我见过的任何限制，但我可能会跳过一个严厉的判决。这是一个众所周知的限制吗？

The javadoc for HttpUrlConnection doesn't mention any limits that I've seen, but I might have skipped a critical sentence. Is this a well-known limitation?

推荐答案

我找到了 http://javasourcecode.org/html/open-source/jdk/jdk- 6u23 / sun / net / www / protocol / http / HttpURLConnection.java.html 。

作者巧妙地决定禁止Origin和其他CORS-没有实际实现CORS规范的相关头文件。这真令人沮丧。

The author, cleverly, decided to forbid Origin and other CORS-related headers without actually implementing the CORS spec. It's pretty depressing.

这篇关于HttpUrlConnection是否审查了一些标题，特别是Origin？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！