Why cookies and set-cookie headers can’t be set while making xmlhttprequest using setRequestHeader?

by

I am sure you would have gone through the working draft and found

The above headers are controlled by the user agent to let it control
those aspects of transport.

Firstly we need to understand, These are standards working as guidelines for interoperability of functions between different browsers. It’s not mandated for the browser and hence browsers do have different level of adherence to this standard for different reasons.

Secondly, Technically speaking you can emulate a user agent , treat your program as the browser and can very well set those values as per mentioned standards.

Finally, the intent of disallowing overwriting of Headers or setting up headers for certain fields like Content-Length , Cookie ethos the secure design approach. It is to discourage or at least try to discourage HTTP Request smuggling.

More Related Contents:

  1. How to Protect website code PHP / JS? [closed]
  2. My JS is not working (chat application)
  3. Displaying Javascript variables in HTML
  4. Set cookie and get cookie with JavaScript [duplicate]
  5. Why does my http://localhost CORS origin not work?
  6. Make Axios send cookies in its requests automatically
  7. Electron require() is not defined
  8. AngularJS Error: Cross origin requests are only supported for protocol schemes: http, data, chrome-extension, https
  9. Connecting to TCP Socket from browser using javascript
  10. Get and Set a Single Cookie with Node.js HTTP Server
  11. Detecting if a browser is using Private Browsing mode
  12. AngularJS: No “Access-Control-Allow-Origin” header is present on the requested resource [duplicate]
  13. How do I check if a cookie exists?
  14. document.write() overwriting the document?
  15. Streaming a video file to an html5 video player with Node.js so that the video controls continue to work?
  16. Reading cookie expiration date
  17. How to add custom html attributes in JSX
  18. XMLHttpRequest module not defined/found
  19. How do sessions work in Express.js with Node.js?
  20. Sending message to a specific connected users using webSocket?
  21. Good beginners tutorial to socket.io? [closed]
  22. JavaScript innerHTML is not working for IE?
  23. Get elements from page.evaluate in Puppeteer? [duplicate]
  24. Sharing websocket across browser tabs?
  25. Failed to load resource from same directory when redirecting Javascript
  26. how to save canvas data to file
  27. Connecting to remote SSH server (via Node.js/html5 console)
  28. How to modify Cookie from Ajax call
  29. multiple ui-view html files in ui-router
  30. JavaScript EventSource SSE not firing in browser

Leave a Comment