0

I am trying to make a fecth transaction in javascript to a file of my server with the objetive of set a custom User-Agent.

The problem is that the headers are not being sent, because the UA which my simple backend is analyzing is the UA of my browser, nor the defined one.

I have tried to make an async method which send the UA Custom header to my server, to spoof it, here I leave the code of JS and PHP:

JS:

async methodTest(data) {
    try {
        let ua = await this.randUA.getGeneratedUA();
        let transaccion = await fetch("./assets/php/try.php", {
            method: 'GET',
            headers: {
                'User-Agent': 'Custom User Agent'
            },
        })

        transaccion;

        console.log(await transaccion.text())
    } catch (Exc) {
        console.log(Exc)
    }
}

PHP:

<?php
print_r(getallheaders())
?>

Expected result:

Array
(
[Host] => 127.0.0.1
[Connection] => keep-alive
[sec-ch-ua] => "Chromium";v="116", "Not)A;Brand";v="24", "Google Chrome";v="116"
[sec-ch-ua-mobile] => ?0
[User-Agent] => Custom User Agent
[sec-ch-ua-platform] => "Windows"
[Accept] => */*
[Sec-Fetch-Site] => same-origin
[Sec-Fetch-Mode] => cors
[Sec-Fetch-Dest] => empty
[Accept-Encoding] => gzip, deflate, br
[Accept-Language] => es
)

Real Result:

Array
(
[Host] => 127.0.0.1
[Connection] => keep-alive
[sec-ch-ua] => "Chromium";v="116", "Not)A;Brand";v="24", "Google Chrome";v="116"
[sec-ch-ua-mobile] => ?0
[User-Agent] => Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36
[sec-ch-ua-platform] => "Windows"
[Accept] => */*
[Sec-Fetch-Site] => same-origin
[Sec-Fetch-Mode] => cors
[Sec-Fetch-Dest] => empty
[Accept-Encoding] => gzip, deflate, br
[Accept-Language] => es
)
apokryfos
  • 38,771
  • 9
  • 70
  • 114
Ssnov
  • 111
  • 3
  • Does this answer your question? [Why does my JavaScript code receive a "No 'Access-Control-Allow-Origin' header is present on the requested resource" error, while Postman does not?](https://stackoverflow.com/questions/20035101/why-does-my-javascript-code-receive-a-no-access-control-allow-origin-header-i) also https://stackoverflow.com/questions/42815087/sending-a-custom-user-agent-string-along-with-my-headers-fetch – Tim Roberts Aug 27 '23 at 01:25
  • Chrome does not allow you to override the `User-Agent`. That's a reasonable position, because after all, it IS the user-agent here. – Tim Roberts Aug 27 '23 at 01:25
  • 1
    reading [documentation](https://developer.mozilla.org/en-US/docs/Glossary/Forbidden_header_name) (specifically the note about user-agent) helps - it's your code, so you can send whatever you like in whatever (user defined) header you like – Jaromanda X Aug 27 '23 at 03:29

0 Answers0