0

I have one curl command which is responding ok. But same thing when I am trying in java script, it is not giving success.

Curl command that I am running in dos: 

curl "http://serverip/live/test01/test01_mcs.isml/playlist_high.mpd" -H "Host:actualServer.net" -i

This returns a play url.

Same thing I am trying to mimic in JavaScript as

var xhttp = new XMLHttpRequest();
  xhttp.open("POST", "http://serverip/live/test01/test01_mcs.isml/playlist_high.mpd", true);  
  xhttp.setRequestHeader("Host", "actualServer.net");
  xhttp.setRequestHeader("Access-Control-Allow-Origin", "*");
  xhttp.send();

This gives error as "Refused to set unsafe header Host"

I tried http get also, but same response.

I tried in Java's AsynHttpClient using asyncHttpClient.post(url,new ResponseHandler());.

I tried Java's AsynHttpCLient using asyncHttpClient.post(mContext, url, entity, contentType, new ResponseHandler()) also. In this I tried passing my host in entity, but no luck.

I am out of options now. Any help or suggestions are much appreciated.

gavdix
  • 358
  • 1
  • 2
  • 21
  • Java is not JavaScript - which are you looking for? Or do you just need it to work in either? – zfrisch Aug 30 '18 at 14:51
  • either is ok for me. I started with Java then shifted in JavaScript. But as you asked Java's solution is more preferable. Thanks – gavdix Aug 30 '18 at 14:53
  • Browsers set the Host header — after running your frontend JavaScript code — with the value set to actual host. The actual request headers that the browser sends out in the end are not accessible from your frontend JavaScript code. So even if the browser allowed you to set the Host header from and XHR request, the browser would just end up overwriting the value with the real host value. (Incidentally, for frontend JavaScript code running in a browser, I’d wonder why you’d ever want to (try to) set the Host value from your frontend code anyway…) – sideshowbarker Aug 30 '18 at 15:19
  • Check [this question](https://stackoverflow.com/questions/5822985/cross-domain-resource-sharing-get-refused-to-get-unsafe-header-etag-from-re) – James Aug 30 '18 at 15:21

0 Answers0