4

I'm working on a website, and I've run into trouble modifying an HTTP Response header using (client-side) JavaScript. I have exactly zero idea how to do this. I know (roughly) how to make the 'for' loop to modify the header, but I don't know how to access the header within the script. Could y'all fine people help me with this fun task?

Zach Lysobey
  • 14,959
  • 20
  • 95
  • 149
bluebunny
  • 295
  • 3
  • 13
  • 3
    mind if I ask what you're trying to accomplish by doing this? – Zach Lysobey Jan 15 '14 at 22:07
  • 1
    But I think this has your answer: http://stackoverflow.com/questions/220231/accessing-the-web-pages-http-headers-in-javascript – Zach Lysobey Jan 15 '14 at 22:08
  • I'm not sure you can do this. Javascript doesn't process the response until after the headers have been received. – Barmar Jan 15 '14 at 22:08
  • JavaScript is the wrong layer (typically) to set HTTP Response headers... Are you using node.js or something? – scunliffe Jan 15 '14 at 22:08
  • 2
    @Barmar: Depends on where the JavaScript is running. If it's running on the server... – T.J. Crowder Jan 15 '14 at 22:08
  • It would make sense if he was doing this via AJAX, correct? Wouldn't necessarily have to be node. – Zach Lysobey Jan 15 '14 at 22:09
  • 1
    @T.J.Crowder Unless they specifically say they're using something like Node.js, I'm going to regularly assume that JS == client, not server. – Barmar Jan 15 '14 at 22:09
  • 1
    Alright, for clarification: I need to modify the response header to remove X-Frame-Options to load one site in an iFrame. Is it possible to have the script run after receipt of the header, then pass the header along to the iFrame afterwards? – bluebunny Jan 15 '14 at 22:10
  • Also, @scunliffe I'm using clientside JS – bluebunny Jan 15 '14 at 22:10
  • 1
    No, you can't override X-Frame-Options with JS, that would defeat the purpose. – Barmar Jan 15 '14 at 22:11
  • @crashcheetos you're not going to be able to remove headers that were already sent (especially if the site that sent them isn't yours). – scunliffe Jan 15 '14 at 22:13

1 Answers1

7

With client-side JavaScript (JavaScript running in a browser), you can't do this; by the time the JavaScript code runs, the headers have already been processed.

Zach Lysobey
  • 14,959
  • 20
  • 95
  • 149
T.J. Crowder
  • 1,031,962
  • 187
  • 1,923
  • 1,875
  • Hey T.J., I'll defer to your experience, but generally I'd comment on an answer like this that it is better suited as a comment, as it really just asks for clarification... – Zach Lysobey Jan 15 '14 at 22:11
  • 1
    @ZachL: I was 99% sure the OP meant client-side. That 1% is why I went with CW. :-) (Well, that and there were at least three comments saying "You can't do this with client-side JavaScript..." :-) ) Making it an *answer* means that if I was right about the OP meaning client-side, it's something they can accept. (You can't "accept" a comment.) – T.J. Crowder Jan 15 '14 at 22:13
  • 1
    ahhh.. didn't notice the CW tag. Thanks for clarifying. Hope you don't mind I went ahead and removed the "server-side" part from your answer after editting "client-side" into the question. – Zach Lysobey Jan 15 '14 at 22:14
  • If I were to implement the proper code server-side, then what code would I need / where the hell would I put this in terms of site directory? – bluebunny Jan 15 '14 at 22:27