I would like to send CoAP request using CoAP plugins Cooper in Firefox, but have no idea how to add header to this request. Does anyone have an idea how to add header to the request using CoAP plugins Cooper.
Thank you
CoAP cannot have a Header. It only has set of options. Copper allows you to set some default options for a request.
Related
We have come across an issue in production logs where "Accept-Language" is missing in the http request from the browser. Although I am not able to replicate it so I want to understand any valid use case where any specific browser may send a request without "Accept-Language" header.
Even GET / HTTP/1.0 is a valid HTTP request. You can create one from the telnet client if you wish and it will still return a result from the server!
Accept-Language is a header to aid in content negotiation and is optional. The most widely used browsers send the correct headers, but there may be corporate proxies who may be filtering such headers. You should not rely on this header being present.
Just curious, I can see some http2 pseudo headers fields like :method,
:scheme,:authority when I go to some website that has enabled http2.
Example, for homepage of www.ft.com, there are these pseudo request headers:
:authority:www.ft.com
:method:GET
:path:/
:scheme:https
Is it possible to read/modify those fields in chrome extension, just like we can read/modify Cookie, Referer, User-Agent?
Or if it is not possible in chrome, can we do it in other browsers like firefox?
So all HTTP/2 headers start with a : (to distinguish them from HTTP/1.x headers)
Not aware of any extensions to alter them, but I guess the real question is why would you want to?
The security headers like
x-content-type-options:nosniff
x-frame-options:SAMEORIGIN
x-ua-compatible:IE=edge, chrome=1
x-xss-protection:1; mode=block
should be request or response headers? And why?
All of those headers (like most http security headers) are used by the browser to enable security features in the browser.
Therefore they need to be in the response headers sent by the server to the browser.
It would do nothing to set them in the request header (sent from browser to server) as they are not used by the server.
it should be response header , for example : x-content-type-options:nosniff: This is a security feature that helps prevent attacks based on MIME-type confusion. you can read complete details on Veracode Site, Owasp Site ,
MSDN Site
I just could not get the http-proxy module to work properly as a forward proxy. It works great as a reverse proxy. Therefore, I have implemented a node-based forward proxy using node's http and net modules. It works fine, both with http and https. I will deal with websockets later. Among other things, I want to log the URLs visited or requested through a browser. In the request object, I do get the URL, but as expected, when a page loads, a zillion other requests are triggered, including AJAX, third-party ads, etc. I do not want to log these.
I know that I can distinguish an AJAX request from the x-requested-with header. I can distinguish requests coming from a browser by examining the user-agent header (though these can be spoofed thru cURL). I want to minimize the log entries.
How do commercial proxies log such info? Or do they just log every request? One way would be to not log any requests within a certain time after the main request presuming that they are all associated with the main request. That would not be technically accurate.
I have researched in this area but did not find any solution. I am not looking for any specific code, just some direction...
No one can know that with precision, but you can find clues such as, "HTTP referer", "x-requested-with" or add your custom headers in each ajax request (squid proxy by default sends a "X-Forwarded-For" which says he is a proxy), but anybody can figure out what headers are you sending for your requests or copy all headers that a common browser sends by default and you will believe it is a person from a browser, but could be a bash cURL sent by a bot.
So, really, you can't know for example, if a request is an AJAX request because the headers aren't mandatory, by default your browser or your framework adds an x-requested-with or useful information to help to "guess" who is performing the request.
I want to enable GZip compression on my controller actions using IIS's doDynamicCompression configuration option.
The question is what will happen if one of my users uses a browsers that doesnt support GZip - would IIS detect it and send it uncompressed?
When your users send request to the serveur, the Browser send a header Accept-Encoding.
This header specifies to the server with compresssions methods are accepted by the Browser.
For exemple "deflate,gzip", "gzip" or nothing.
IIS parses this Header to compress or not the response.