Details
-
Enhancement
-
Resolution: Fixed
-
P3
-
10, 11
-
b16
Backports
Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-8212692 | 11.0.2 | Michael McMahon | P3 | Resolved | Fixed | b02 |
Description
A DESCRIPTION OF THE PROBLEM :
Apparenty, those headers are forbidden in HTTP client because XMLHttpRequest API forbids those. (https://developer.mozilla.org/en-US/docs/Glossary/Forbidden_header_name). XMLHttpRequest API forbids those, as allowing them would make Cross-origin resource sharing API insecure. This isn't an issue for Java HTTP client, as it doesn't implement CORS, and due to not being a web browser likely never will. This is useful, as some websites require those headers to work.
Apparenty, those headers are forbidden in HTTP client because XMLHttpRequest API forbids those. (https://developer.mozilla.org/en-US/docs/Glossary/Forbidden_header_name). XMLHttpRequest API forbids those, as allowing them would make Cross-origin resource sharing API insecure. This isn't an issue for Java HTTP client, as it doesn't implement CORS, and due to not being a web browser likely never will. This is useful, as some websites require those headers to work.
Attachments
Issue Links
- backported by
-
JDK-8212692 java.net.http HTTP client should allow specifying Origin and Referer headers
- Resolved
- blocks
-
JDK-8211308 Support HTTP/2 in WebView
- Resolved