Closed
Bug 433859
Opened 16 years ago
Closed 8 years ago
XMLHttpRequest should set Accept to */* when not part of author headers
Categories
(Core :: DOM: Core & HTML, defect)
Core
DOM: Core & HTML
Tracking
()
RESOLVED
DUPLICATE
of bug 918752
People
(Reporter: u81239, Unassigned)
References
(Blocks 1 open bug, )
Details
(Whiteboard: dom-triaged btpp-backlog)
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; nl; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.0; nl; rv:1.9b5) Gecko/2008032620 Firefox/3.0b5 According to the XMLHttpRequest specification [1], “[the User Agent] must not automatically set the Accept [header]”. Currently, Firefox 3b5 sends ‘Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8’. This is incorrect, and should be fixed to not send an Accept header at all. The rationale behind the specification is that when an Accept header is not set explicitly, we do not know what the application expects. Setting a default Accept header effectively means that we are lying to the server, and breaking correct functioning of HTTP content negotiation. For further details and a test see my blog post [2]. ~Grauw [1] http://www.w3.org/TR/XMLHttpRequest/#send [2] http://www.grauw.nl/blog/entry/470 Reproducible: Always Steps to Reproduce: 1. Go to http://www.grauw.nl/blog/entry/470 2. Try the test by clicking on the button Actual Results: Server receives Accept header with contents "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8" Expected Results: Server should not receive an Accept header at all.
Note that this bug references the 15 April 2008 working draft of the spec. Additionally, Firefox needs to line up with other browsers (or other browsers need to line up with Firefox :)) with regard to setRequestHeader('Accept', '') and setRequestHeader('Accept', null). See also discussion on the W3C WebAPI WG list: http://www.w3.org/mid/482C876A.2070205@students.cs.uu.nl http://www.w3.org/mid/482C87A8.30106@students.cs.uu.nl ~Grauw
Comment 2•13 years ago
|
||
If the user agent implements server-driven content-negotiation it must follow these constraints for the Accept and Accept-Language request headers: o Both headers must not be modified if they are already set through setRequestHeader(). o If not set through setRequestHeader() Accept-Language should be set as appropriate. o If not set through setRequestHeader() Accept must be set with as value */*. is all I can find about 'Accept' in <http://dev.w3.org/2006/webapi/XMLHttpRequest-2/>.
Status: UNCONFIRMED → NEW
Component: DOM: Core & HTML → DOM: Mozilla Extensions
Ever confirmed: true
OS: Windows Vista → All
Hardware: x86 → All
Version: unspecified → Trunk
Updated•11 years ago
|
Summary: XMLHttpRequest should not set default Accept header → XMLHttpRequest should set Accept to */* when not part of author headers
Assignee | ||
Updated•11 years ago
|
Component: DOM: Mozilla Extensions → DOM
Comment 3•9 years ago
|
||
I came across this bug via a random Google search. Setting a dependency. It may or may not already be fixed, but at least, it won't be an orphan any longer.
Blocks: xhr
Comment 5•8 years ago
|
||
Wow! It is 2016 and this bug in Firefox 44 still exists. Please fix to conform to the XMLHttpRequest standard.
Comment 6•8 years ago
|
||
The requirement is now in https://fetch.spec.whatwg.org/#concept-fetch
Whiteboard: dom-triaged btpp-backlog
Updated•8 years ago
|
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → DUPLICATE
Assignee | ||
Updated•5 years ago
|
Component: DOM → DOM: Core & HTML
You need to log in
before you can comment on or make changes to this bug.
Description
•