HTTP Request Headers

88 views
Skip to first unread message

objectuser

unread,
Jan 3, 2012, 8:59:15 AM1/3/12
to google-a...@googlegroups.com
I would like to set an HTTP header on some of my requests in order to filter the requests properly.

Looking at the docs, there is a section on Request Headers that states is part:

An incoming HTTP request includes the HTTP headers sent by the client. For security purposes, some headers are sanitized or amended by intermediate proxies before they reach the application.

This leads me to believe that there should be some headers that I might be able to use that are not filtered.  I'm wondering if there is a list of headers anywhere that I might be able to browse through and potentially repurpose.  Based on another discussion in this group, I tried X-Forwarded-For, but that doesn't seem to make it through on the server (and since I've tried a variety of others with no luck).

Thanks for any help.

Barry Hunter

unread,
Jan 3, 2012, 9:45:35 AM1/3/12
to google-a...@googlegroups.com
Just make up your own X-... header - that will make it though - because nobody will know what it does, they wont touch it. 

The ones that are cleaned up are the ones with defined meanings. 

--
You received this message because you are subscribed to the Google Groups "Google App Engine" group.
To view this discussion on the web visit https://groups.google.com/d/msg/google-appengine/-/5yh9ECHYBRkJ.
To post to this group, send email to google-a...@googlegroups.com.
To unsubscribe from this group, send email to google-appengi...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.

objectuser

unread,
Jan 3, 2012, 11:49:11 AM1/3/12
to google-a...@googlegroups.com
Thanks for the suggestion.

I tried creating a header, X-My-Unique-Header, and though I can access it on the development server, I can't access it on the GAE host.

I've printed out all of the headers just in case I had something wonky and it's not there.

It seems like GAE is removing any headers that aren't on some white list.

objectuser

unread,
Jan 4, 2012, 8:35:39 AM1/4/12
to google-a...@googlegroups.com
My test client (GWT) had the app cached, so it was not getting the latest version.  Some refreshing loaded it and now I'm getting the header (the only thing that seems to be happening to it is it's converted to all lower case).

Anyway, it's working.  Thanks again for your suggestion, Barry.
Reply all
Reply to author
Forward
0 new messages