i try to modify the Referer header of with the JDK-11 HttpClient.
import java.io.IOException;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
public class Test {
public static final void main(final String[] argc) throws IOException, InterruptedException {
final HttpClient client = HttpClient.newHttpClient();
final HttpRequest request = HttpRequest.newBuilder()
.uri(URI.create("http://suche.org/refererDemo"))
.header("Referer", "google.com")
.build();
final HttpResponse<String> ret = client.send(request, HttpResponse.BodyHandlers.ofString());
System.out.println("ret: "+ret.body());
}
}
But i receive the error:
Exception in thread "main" java.lang.IllegalArgumentException: restricted header name: "Referer"
at java.net.http/jdk.internal.net.http.common.Utils.newIAE(Utils.java:246)
at java.net.http/jdk.internal.net.http.HttpRequestBuilderImpl.checkNameAndValue(HttpRequestBuilderImpl.java:110)
at java.net.http/jdk.internal.net.http.HttpRequestBuilderImpl.header(HttpRequestBuilderImpl.java:126)
at java.net.http/jdk.internal.net.http.HttpRequestBuilderImpl.header(HttpRequestBuilderImpl.java:43)
at Test.main(Test.java:12)
Normally i would expect that any valid host should be accepted. Since this is used for access control on some side. Is this an bug or is there an new way for setting the referer ?
The question is in two ways different from the question about the "Host" header. Host header is set based on the url. This can be modified via dns or etc/host resolution. This is not possible with the "Referer" because there the client does not know the previous host or url that cause this call. And even the value if valid it is rejected. It can be either: - Full URL - Url without Path - Only domain name
