BrowserClient sets unsafe headers causing Chrome to report "Refused to set unsafe header"

[properius]

I'm using Rpc package and it uses http.BrowserClient to send API requests to the server.

However on each such send request, Chrome reports an error saying:

Refused to set unsafe header "user-agent"
Refused to set unsafe header "content-length"

These two headers are not allowed to be set as per http://www.w3.org/TR/XMLHttpRequest/#the-setrequestheader-method.

Shouldn't BrowserClient skip setting the headers that are not allowed by the browsers?

[Alan Knight]

I don't know. Is it better for it to silently skip it, or to tell you that it's not doing what you asked. Also, I'm not sure if we consistently get notification that it's not setting that header, or if it just gets suppressed. It would be bad if we had to hard-code the list of what wasn't allowed and then got out of sync with what was actually allowed. But by all means file a bug and we can investigate.

--
For other discussions, see https://groups.google.com/a/dartlang.org/
 
For HOWTO questions, visit http://stackoverflow.com/tags/dart
 
To file a bug report or feature request, go to http://www.dartbug.com/new

To unsubscribe from this group and stop receiving emails from it, send an email to misc+uns...@dartlang.org.

[properius]

While writing the bug I searched the code to figure out where the headers are set.

They are set in the Rpc package (/src/clients.dart). I guess in my case the problem is with ApiRequester.simpleRequest() method.

I'll file a bug with Rpc package. There won't be a need to hard-code the list of headers.

Thank you for sending me searching the code.