Last Comment Bug 433859 - XMLHttpRequest should set Accept to */* when not part of author headers
: XMLHttpRequest should set Accept to */* when not part of author headers
Status: NEW
dom-triaged btpp-backlog
:
Product: Core
Classification: Components
Component: DOM (show other bugs)
: Trunk
: All All
: -- normal with 7 votes (vote)
: ---
Assigned To: Nobody; OK to take it and work on it
:
Mentors:
http://www.grauw.nl/blog/entry/470
Depends on:
Blocks: 726433
  Show dependency treegraph
 
Reported: 2008-05-15 04:36 PDT by Laurens Holst
Modified: 2016-02-24 00:08 PST (History)
9 users (show)
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---


Attachments

Description Laurens Holst 2008-05-15 04:36:55 PDT
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 6.0; nl; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.0; nl; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5

According to the XMLHttpRequest specification [1], “[the User Agent] must not
automatically set the Accept [header]”. Currently, Firefox 3b5 sends ‘Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8’. This is incorrect, and should be fixed to not send an Accept header at all.

The rationale behind the specification is that when an Accept header is not set
explicitly, we do not know what the application expects. Setting a default
Accept header effectively means that we are lying to the server, and breaking
correct functioning of HTTP content negotiation.

For further details and a test see my blog post [2].

~Grauw

[1] http://www.w3.org/TR/XMLHttpRequest/#send
[2] http://www.grauw.nl/blog/entry/470

Reproducible: Always

Steps to Reproduce:
1. Go to http://www.grauw.nl/blog/entry/470
2. Try the test by clicking on the button
Actual Results:  
Server receives Accept header with contents "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"

Expected Results:  
Server should not receive an Accept header at all.
Comment 1 Laurens Holst 2008-05-15 13:14:18 PDT
Note that this bug references the 15 April 2008 working draft of the spec.

Additionally, Firefox needs to line up with other browsers (or other browsers need to line up with Firefox :)) with regard to setRequestHeader('Accept', '') and setRequestHeader('Accept', null).

See also discussion on the W3C WebAPI WG list:

http://www.w3.org/mid/482C876A.2070205@students.cs.uu.nl
http://www.w3.org/mid/482C87A8.30106@students.cs.uu.nl

~Grauw
Comment 2 :Ms2ger (⌚ UTC+1/+2) 2011-10-10 12:34:29 PDT
If the user agent implements server-driven content-negotiation it must follow these constraints for the Accept and Accept-Language request headers:

 o Both headers must not be modified if they are already set through
   setRequestHeader().

 o If not set through setRequestHeader() Accept-Language should be set
   as appropriate.

 o If not set through setRequestHeader() Accept must be set with as
   value */*.

is all I can find about 'Accept' in <http://dev.w3.org/2006/webapi/XMLHttpRequest-2/>.
Comment 3 David Bruant 2015-12-23 03:41:23 PST
I came across this bug via a random Google search. Setting a dependency. It may or may not already be fixed, but at least, it won't be an orphan any longer.
Comment 4 Mike 2016-01-20 14:16:28 PST
Seeing this in version 42.0
Comment 5 Peter Michaux 2016-02-23 11:50:54 PST
Wow! It is 2016 and this bug in Firefox 44 still exists. Please fix to conform to the XMLHttpRequest standard.
Comment 6 :Ms2ger (⌚ UTC+1/+2) 2016-02-23 23:53:21 PST
The requirement is now in https://fetch.spec.whatwg.org/#concept-fetch

Note You need to log in before you can comment on or make changes to this bug.