SyntaxFix

[javascript] AJAX post error : Refused to set unsafe header "Connection"

I have the following custom ajax function that posts data back to a PHP file. Everytime the post of data happens I get the following two errors :

Refused to set unsafe header "Content-length"
Refused to set unsafe header "Connection"

Code : 

function passposturl(url1, params, obj)
{
    //url1 = url1+"&sid="+Math.random();
    xmlHttp = get_xmlhttp_obj();
    xmlHttp.loadflag = obj;
    xmlHttp.open("POST", url1, true);
    //alert(url1);
    //alert(params);
    //alert(obj);
    //alert(params.length);
    xmlHttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
    xmlHttp.setRequestHeader("Content-length", params.length);
    xmlHttp.setRequestHeader("Connection", "close");
    xmlHttp.onreadystatechange = function ()
    {
        stateChanged(xmlHttp);
    };
    xmlHttp.send(params);
 }

What am I doing wrong?

This question is related to javascript ajax

The answer is

Remove these two lines:

xmlHttp.setRequestHeader("Content-length", params.length);
xmlHttp.setRequestHeader("Connection", "close");

XMLHttpRequest isn't allowed to set these headers, they are being set automatically by the browser. The reason is that by manipulating these headers you might be able to trick the server into accepting a second request through the same connection, one that wouldn't go through the usual security checks - that would be a security vulnerability in the browser.

Source: Stackoverflow.com

Examples related to javascript

need to add a class to an element How to make a variable accessible outside a function? Hide Signs that Meteor.js was Used How to create a showdown.js markdown extension Please help me convert this script to a simple image slider Highlight Anchor Links when user manually scrolls? Summing radio input values How to execute an action before close metro app WinJS javascript, for loop defines a dynamic variable name Getting all files in directory with ajax

Examples related to ajax

Getting all files in directory with ajax Cross-Origin Read Blocking (CORB) Jquery AJAX: No 'Access-Control-Allow-Origin' header is present on the requested resource Fetch API request timeout? How do I post form data with fetch api? Ajax LARAVEL 419 POST error Laravel 5.5 ajax call 419 (unknown status) How to allow CORS in react.js? Angular 2: How to access an HTTP response body? How to post a file from a form with Axios

Tags

Hidden-variables Xwiki Maze Service-tier .net-3.5 Image-compression Mysql-workbench System.web Winsxs Navigation-properties Drawable Virus-scanning Filebrowse Zend-server-ce Seam3 Reverse-dns Garnet-os Telerik Pscx Double-quotes Incoming-mail Returnurl Hbm2ddl New-project Windows-xp-sp3 Soap High-load Drupal Tridion Ascii-art Rainbowattack Slide Flux Nsnetservicebrowser Picker Evaluator Msxml4 Fat-client Urlrewriter Modern-languages Materialized-path-pattern Temporaries Drivers Icepdf Invocationtargetexception Alsa Loginview Character-class Linux-mint Uigesturerecognizer Hoptoad Dynamic-invoke Uialertsheet Hough-transform Compliant Exist-db Palib Viewdidload Rst2html.py Crontab Turbo-basic Acts-as-audited Build-triggers Firmware Awtrobot System.reactive Command-prompt Avvideocomposition Zend-queue Buckets Fan-page Bonjour Nsdatecomponents Itemeditor Uitabview Setuid Video-editing Isapi-wsgi Find-all-references Getopt-long Fragment-caching Tcpdump Text-decorations Qgraphicsitem Netbeans-platform Hid Spool Custom-model-binder Psi Proofs Ellipsis Containers Jvm-hotspot Consoleappender Mem-fun Asp.net-webcontrol Standard-library Report-designer Django-template-filters Aspbutton