相关文章推荐
发财的蚂蚁  ·  方法: GridView を使用する ...·  6 月前    · 
豪情万千的路灯  ·  mysql查询大于某个时间点的sql语句_m ...·  7 月前    · 
踏实的毛衣  ·  java8 stream取出 ...·  8 月前    · 
逆袭的山寨机  ·  mysql查询like多个值_mysql ...·  9 月前    · 
胡子拉碴的水煮鱼  ·  python ...·  1 年前    · 
Code  ›  http - Java HttpURLConnection setRequestProperty is not setting custom header key - Stack Overflow
https://stackoverflow.com/questions/67324565/java-httpurlconnection-setrequestproperty-is-not-setting-custom-header-key
爽快的春卷
1 年前
Collectives™ on Stack Overflow

Find centralized, trusted content and collaborate around the technologies you use most.

Learn more about Collectives

Teams

Q&A for work

Connect and share knowledge within a single location that is structured and easy to search.

Learn more about Teams

I want to send a custom http header request and I set the the custom keys like this: 

con.setRequestProperty("Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9");
con.setRequestProperty("Accept-Encoding", "gzip, deflate, br");
con.setRequestProperty("Accept-Language", "ro-RO,ro;q=0.9,en-US;q=0.8,en;q=0.7");
con.setRequestProperty("Cache-Control", "max-age=0");
con.setRequestProperty("sec-ch-ua", "\" Not A;Brand\";v=\"99\", \"Chromium\";v=\"90\", \"Google Chrome\";v="90"");
con.setRequestProperty("sec-ch-ua-mobile", "?0");
con.setRequestProperty("Sec-Fetch-Dest", "document");
con.setRequestProperty("Sec-Fetch-Mode", "navigate");
con.setRequestProperty("Sec-Fetch-Site", "none");
con.setRequestProperty("Sec-Fetch-User", "?1");
con.setRequestProperty("Upgrade-Insecure-Requests", "1");
con.setRequestProperty("User-Agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.93 Safari/537.36");

The problem is that all properties that start with "sec" or "Sec" are not acctualy set.


I tested this with the method getRequestProperty right after setting them with setRequestProperty.


I also tested this by intercepting the https traffic with fiddler.


I also tried to set the request property using the method addRequestProperty instead setRequestProperty but the result was the same.


Why isn't Java accepting some of the properties?


UPDATE


Simple example:


import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.URL;
import java.util.logging.Level;
import java.util.logging.Logger;
public class SetRequestProperty_example {
    public static void main(String[] args) {
        try {
            URL url = new URL("http://xyz.abc");
            HttpURLConnection con = (HttpURLConnection) url.openConnection();
            con.setRequestProperty("Sec-Fetch-Dest", "document");
            //con.addRequestProperty("Sec-Fetch-Dest", "document"); //same problem appears with addRequestProperty
            String check = con.getRequestProperty("Sec-Fetch-Dest");
            if(check==null) {
                System.err.println("Problem detected");
            } else {
                System.err.println("Problem solved");
        } catch (IOException ex) {
            Logger.getLogger(SetRequestProperty_example.class.getName()).log(Level.SEVERE, null, ex);

This simple code displays "Problem detected", what should I write to display "Problem solved"?


UPDATE
This is weird but if I change the request property name from "Sec-Fetch-Dest" to "SSec-Fetch-Dest" then the property is set fine. This does not solve the problem but I think it could be a useful information.


According to mozilla documentation, headers starting with "Sec" are part of the forbidden list, so they cannot be "in theory" modified programmatically.


A forbidden header name is the name of any HTTP header that cannot be modified programmatically; specifically, an HTTP request header name (in contrast with a Forbidden response header name).


Modifying such headers is forbidden because the user agent retains full control over them. Names starting with Sec- are reserved for creating new headers safe from APIs using Fetch that grant developers control over headers, such as XMLHttpRequest.
Source: https://developer.mozilla.org/en-US/docs/Glossary/Forbidden_header_name


For this reason, when you try to invoke the "setRequestProperty" method, the header is not stored.


If you are on Java 11 or higher you can also try to use HttpClient, I tested the code and it's storing the header correctly on runtime, here is an example:


 HttpClient httpClient = HttpClient.newBuilder()
      .version(HttpClient.Version.HTTP_1_1)
      .connectTimeout(Duration.ofSeconds(10))
      .build();
 HttpRequest request = HttpRequest.newBuilder(
      URI.create("http://xyz.abc"))
      .header("Sec-Fetch-Dest", "document")
      .build();
 HttpResponse<String> response = httpClient.send(request, HttpResponse.BodyHandlers.ofString());
// print status code
System.out.println(response.statusCode());
// print response body
System.out.println(response.body());
        
Thanks for contributing an answer to Stack Overflow!
  • Please be sure to answer the question. Provide details and share your research!
But avoid
  • Asking for help, clarification, or responding to other answers.
  • Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
 
推荐文章
发财的蚂蚁  ·  方法: GridView を使用する ListView で行のスタイルを設定する - WPF .NET Framework | Microsoft Learn
6 月前
豪情万千的路灯  ·  mysql查询大于某个时间点的sql语句_mob64ca12f15103的技术博客_51CTO博客
7 月前
踏实的毛衣  ·  java8 stream取出 最大值/最小值_stream().filter()过滤出一个时间最大值-CSDN博客
8 月前
逆袭的山寨机  ·  mysql查询like多个值_mysql like多个值-CSDN博客
9 月前
胡子拉碴的水煮鱼  ·  python “字符串转为变量名“的实现方法_python中怎么将字符串转换为背后所代表的变量名-CSDN博客
1 年前
今天看啥   ·   Py中国   ·   codingpro   ·   小百科   ·   link之家   ·   卧龙AI搜索
删除内容请联系邮箱 2879853325@qq.com
Code - 代码工具平台
© 2024 ~ 沪ICP备11025650号