window open with headers

Question

Can I control the HTTP headers sent by window open  cross browser    If not  can I somehow window open a page that then issues my request with custom headers inside its popped-up window   I need some cunning hacks

User · Answer

Use POST instead

Although it is easy to construct a GET query using window.open(), it's a bad idea (see below). One workaround is to create a form that submits a POST request. Like so:

<form id="helper" action="###/your_page###" style="display:none">
<inputtype="hidden" name="headerData" value="(default)">
</form>

<input type="button" onclick="loadNnextPage()" value="Click me!">

<script>
function loadNnextPage() {
  document.getElementById("helper").headerData.value = "New";
  document.getElementById("helper").submit();
}
</script>

Of course you will need something on the server side to handle this; as others have suggested you could create a "proxy" script that sends headers on your behalf and returns the results.

Problems with GET

Query strings get stored in browser history,
can be shoulder-surfed
copy-pasted,
and often you don't want it to be easy to "refresh" the same transaction.

User · Answer

Can I control the HTTP headers sent by window open  cross browser     No     If not  can I somehow window open a page that then issues my request with custom headers inside its popped-up window     You can request a URL that triggers a server side program which makes the request with arbitrary headers and then returns the response You can run JavaScript  probably saying goodbye to Progressive Enhancement  that uses XHR to make the request with arbitrary headers  assuming the URL fits within the Same Origin Policy  and then process the result in JS       I need some cunning hacks      It might help if you described the problem instead of asking if possible solutions would work

User · Answer

If you are in control of server side  it might be possible to set header value in query string and send it like that  That way you could parse it from query string if it s not found in the headers   Just an idea    And you asked for a cunning hack

User · Answer

As the best anwser have writed using XMLHttpResponse except window open  and I make the abstracts-anwser as a instance    The main Js file is download js Download-JS         var download url   window BASE URL    waf p1 download rules       var download url   window BASE URL    waf p1 download logs by dt       function download33             var sender data     start time   2018-10-9    end time   2018-10-17            var x new XMLHttpRequest            x open  POST   download url  true           x setRequestHeader  Content-type   application json              x setRequestHeader  Access-Control-Allow-Origin                 x setRequestHeader  Authorization    JWT     localStorage token            x responseType    blob           x onload function e  download x response   test211 zip    application zip               x send  JSON stringify sender data        post-data

User · Answer

You can t  directly add custom headers with window open   in popup window    but to work that we have two possible solutions           Write Ajax method to call that particular URL with headers in a separate HTML file and use that HTML as url in lt i gt window open   lt  i gt     here is abc html                 ajax           url   ORIGIONAL URL           type   GET           dataType   json           headers                Authorization    Bearer     data id token              AuthorizationCheck    AccessCode    data checkSum                ContentType   application json                      success  function  result                  console log result                      error  function  error                     call html   window open    abc html        here CORS policy can block the request if CORS is not enabled in requested URL            You can request a URL that triggers a server-side program which makes the request with custom headers and then returns the response redirecting to that particular url       Suppose in Java Servlet  requestURL  we ll make this request              String   responseHeader  new String 2           responseHeader 0     Bearer     id token          responseHeader 1     AccessCode     checkSum           String url    ORIGIONAL URL            URL obj   new URL url           HttpURLConnection urlConnection    HttpURLConnection  obj openConnection            urlConnection setRequestMethod  GET            urlConnection setDoInput true           urlConnection setDoOutput true           urlConnection setRequestProperty  Content-Type    application json            urlConnection setRequestProperty  Accept    application json            urlConnection setRequestProperty  Authorization   responseHeader 0            urlConnection setRequestProperty  AuthorizationCheck   responseHeader 1            int responseCode   urlConnection getResponseCode            if  responseCode    HttpURLConnection HTTP OK                BufferedReader in   new BufferedReader new                           InputStreamReader urlConnection getInputStream                  String inputLine              StringBuffer response1   new StringBuffer                 while   inputLine   in readLine       null                    response1 append inputLine                             in close                response sendRedirect response1 toString                    print result             System out println response1 toString               else               System out println  GET request not worked                   call servlet in    window open   requestURL

[javascript] window.open with headers

Use POST instead

Examples related to javascript

Examples related to window.open