17

I have a web application lets call it server1:8080/amcd this application has a setting in it that allows a user to be auto logged in when i pass in a custom request header in the page request. This custom header is called "REMOTE_USER".

My plan is to have another page on another web application, lets call it server2:8080/ssoRedirect/test.html this app on server 2 is acting like a filter where i will pass in a URL parameter such as server2:8080/ssoRedirect/test.html?UserName=user1 this page will take the "user1" parameter and redirect to server1:8080/amcd page while injecting the "user1" value in the "REMOTE_USER" page request.

Any advice in how to I might accomplish this?

I was looking at some simple javascript like below but could not get it to work. 

<script>

var url = "http://localhost:8080/index.html?userName=user1"; // or window.location.href for current url
var usernameParam = /userName=([^&]+)/.exec(url)[1]; 
var result = usernameParam ? usernameParam : 'myDefaultValue';

 function customHeader(remoteinput, userinput) {
    var client = new XMLHttpRequest();
    client.open("POST", "/log");
    client.setRequestHeader(remoteinput, userinput);

}
    window.location.href = "http://ephesoft.eastus2.cloudapp.azure.com:8080/dcma/";

</script>

I am able to make this work when I use the Modify header plugin for chrome and firefox.

Image of not request page header

Rich
  • 5,603
  • 9
  • 39
  • 61
cmac
  • 203
  • 2
  • 3
  • 9
  • 2
    You cannot set custom headers if you are redirecting the user to a different page. `XMLHttpRequest` plays no part in redirection. – Felix Kling Feb 06 '16 at 03:38
  • An alternative solution would be to have one server proxy for another server; rather than redirecting, you'd have server1 perform the request with server2 with the header, then return the response from server2. – Jacob Feb 06 '16 at 05:05
  • So could I write a Java servlet and use that as a proxy? I Could not find a way to redirect on a servlet – cmac Feb 06 '16 at 15:06

1 Answers1

20

A web page can not set HTTP request headers unless you are making an async request using XMLHttpRequest. In this case you are not, you are doing a redirect, like clicking on an href. Instead of relying on custom headers, depending on your backend use any one of these:

  1. Cookies
  2. GET variables
  3. POST variables
kamikazeOvrld
  • 914
  • 8
  • 9
  • 1
    This is correct. See also https://stackoverflow.com/questions/7583461/redirect-to-page-and-send-custom-http-headers/41218304#41218304 – Vacilando Dec 12 '18 at 16:36