1

I'm in Firefox. Is there a way in JavaScript to make an HTTP request with only custom headers? I.e. no cookie fields or user agent or anything, only what my JS code specifies.

It should be base JS, not a library like jQuery.

For example, trying to send an HTTP GET without the 'Cookie' header, I already tried:

```javascript
var myRequest = new XMLHttpRequest();
myRequest.open("GET", "http://asite.com");
myRequest.setRequestHeader("Cookie", '');
myRequest.send();
```

But I look in the developer console and the request was still sent with the session cookie. I also tried:

```javascript
myRequest.setRequestHeader("Cookie", null);
```
sideshowbarker
iPherian
  • Did you have a look at [here](http://stackoverflow.com/questions/7686827/how-can-i-add-a-custom-http-header-to-ajax-request-with-js-or-jquery) ? – Chaya Sandamali Aug 15 '15 at 06:24
  • @chayasan sorry, I should've said, I'd prefer it to be base JavaScript – iPherian Aug 15 '15 at 06:40
  • @chayasan there's some non-jQuery there, but it doesn't seem to guarantee that the ONLY headers that will exist are the ones that I specify, rather it uses setRequestHeader() which modifies/adds an existing one. – iPherian Aug 15 '15 at 06:42
  • You can use setRequestHeader() in beforeSend method or create a header object and assign your custom key,value pairs. –  Aug 15 '15 at 06:43
  • @user238905 I tried but it didn't work on 'Cookie' header. – iPherian Aug 15 '15 at 07:06
  • There are only **some** (very few actually) request headers you can modify (I guess setting them to null/empty may have the effect of removing them) - I can't find the MDN page where I read this some months ago, sorry. – Jaromanda X Aug 15 '15 at 07:22

2 Answers

2

You can use the fetch() method which will not include cookies by default (due to credentials defaulting to false in most usage scenarios).

Anne
1

Read this: https://fetch.spec.whatwg.org/#forbidden-header-name

This is a list of headers that can NOT be modified/removed in an XMLHttpRequest:

  • Accept-Charset
  • Accept-Encoding
  • Access-Control-Request-Headers
  • Access-Control-Request-Method
  • Connection
  • Content-Length
  • Cookie
  • Cookie2
  • Date
  • DNT
  • Expect
  • Host
  • Keep-Alive
  • Origin
  • Referer
  • TE
  • Trailer
  • Transfer-Encoding
  • Upgrade
  • Via

or starts with Proxy- or Sec- (including when it is just Proxy- or Sec-).

Jaromanda X
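The two answers combined, as an added example that is not part of either answer: it checks caller-supplied header names against the forbidden list quoted above and builds a `fetch()` init object that sets `credentials: "omit"` explicitly so no cookies are attached. The helper names `FORBIDDEN_EXACT`, `isForbiddenHeaderName` and `buildCookielessInit` are hypothetical, and the sample headers are constructed.

```javascript
// Added example. FORBIDDEN_EXACT, isForbiddenHeaderName and
// buildCookielessInit are hypothetical helpers, not browser APIs.

// Forbidden header names exactly as listed in the answer above.
const FORBIDDEN_EXACT = new Set([
  "accept-charset", "accept-encoding", "access-control-request-headers",
  "access-control-request-method", "connection", "content-length", "cookie",
  "cookie2", "date", "dnt", "expect", "host", "keep-alive", "origin",
  "referer", "te", "trailer", "transfer-encoding", "upgrade", "via",
]);

// Header names are case-insensitive, so compare in lower case.
function isForbiddenHeaderName(name) {
  const n = String(name).trim().toLowerCase();
  return FORBIDDEN_EXACT.has(n) || n.startsWith("proxy-") || n.startsWith("sec-");
}

// Build a fetch() init object that sends no cookies and carries only the
// caller's permitted headers. Forbidden names are reported to the caller
// instead of being silently ignored, as setRequestHeader() does.
function buildCookielessInit(customHeaders, method = "GET") {
  const headers = {};
  const rejected = [];
  for (const [name, value] of Object.entries(customHeaders)) {
    if (isForbiddenHeaderName(name)) {
      rejected.push(name);
    } else {
      headers[name] = String(value);
    }
  }
  // "omit" tells the browser not to attach cookies or other credentials.
  return { init: { method, headers, credentials: "omit" }, rejected };
}

// Constructed sample input: one permitted header, two the browser refuses.
const sample = buildCookielessInit({
  "X-Request-Id": "abc123",
  "Cookie": "",
  "Sec-Fetch-Mode": "cors",
});
console.log("rejected:", sample.rejected);
// In a browser: fetch("http://asite.com", sample.init)
```

The browser still adds headers it controls itself, such as Host and User-Agent; the forbidden list exists so that page script cannot set or strip them.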