Showing posts with the label Http Headers

Accessing The Web Page's HTTP Headers In JavaScript

Answer: It's not possible to read the current headers. You could make another request to the same URL and read its headers, but there is no guarantee that the headers are exactly equal to the current.

Use the following JavaScript code to get all the HTTP headers by performing a get request:

    // Re-request the current URL synchronously (third argument false) and read that response's headers
    var req = new XMLHttpRequest();
    req.open('GET', document.location, false);
    req.send(null);
    var headers = req.getAllResponseHeaders().toLowerCase();
    alert(headers);

Unfortunately, there isn't an API to give you the HTTP response headers for your initial page request. That was the original question posted here. It has been repeatedly asked, too, because some people would like to get the actual response headers of the original page request without issuing another one.

For AJAX Requests: If an HTTP request is made over AJAX, it is possible to get the response headers with the getAllResponseHeaders() method. It's part of the XMLHttpRequest API. To see how this can be ap...

Adding Http Headers To Window.location.href In Angular App

Answer: When you use $window.location.href the browser is making the HTTP request and not your JavaScript code. Therefore, you cannot add a custom header like Authorization with your token value.

You could add a cookie via JavaScript and put your auth token there. The cookies will automatically be sent from the browser. However, you will want to review the security implications of using a cookie vs. a header. Since both are accessible via JavaScript, there is no additional attack vector there. Unless you remove the cookie after the new page loads, there may be a CSRF exploit available.

This answer is NOT a safe way, as the token is exposed in the URL, which is logged in browser history, access logs, etc. Use a domain cookie instead. I'll leave the answer as it can be an easy way to debug in your local setup.

I am using JWT as authentication on a Laravel PHP backend, and it works by putting ?token=... in the URL. For example, when using AngularJS with satellizer plug...

Change User-agent For Selenium Web-driver

Answer: There is no way in Selenium to read the request or response headers. You could do it by instructing your browser to connect through a proxy that records this kind of information.

Setting the User Agent in Firefox

The usual way to change the user agent for Firefox is to set the variable "general.useragent.override" in your Firefox profile. Note that this is independent from Selenium. You can direct Selenium to use a profile different from the default one, like this:

    from selenium import webdriver

    # Use a Firefox profile that overrides the User-Agent string
    profile = webdriver.FirefoxProfile()
    profile.set_preference("general.useragent.override", "whatever you want")
    driver = webdriver.Firefox(profile)

Setting the User Agent in Chrome

With Chrome, what you want to do is use the user-agent command line option. Again, this is not a Selenium thing. You can invoke Chrome at the command line with chrome --user-agent=foo to set the agent to the value foo. With Selenium you set it like this: fr...

Access Control Request Headers, Is Added To Header In AJAX Request With JQuery

Answer: Here is an example of how to set a request header in a jQuery Ajax call:

    $.ajax({
      type: "POST",
      // Set the custom request header just before the request is sent
      beforeSend: function(request) {
        request.setRequestHeader("Authority", authorizationToken);
      },
      url: "entities",
      data: "json=" + escape(JSON.stringify(createRequestObject)),
      processData: false,
      success: function(msg) {
        $("#results").append("The result =" + StringifyPretty(msg));
      }
    });

This code below works for me. I always use only single quotes, and it works fine. I suggest you should use only single quotes or only double quotes, but not mixed up.

    $.ajax({
      url: 'YourRestEndPoint',
      headers: {
        'Authorization':'Basic xxxxxxxxxxxxx',
        'X-CSRF-TOKEN':'xxxxxxxxxxxxxxxxxxxx',
        'Content-Type':'application/json'
      },
      method: 'POST',
      dataType: 'json',
      data: YourData,
      success: function(da...

403 Forbidden Vs 401 Unauthorized HTTP Responses

Answer: A clear explanation from Daniel Irvine:

There's a problem with 401 Unauthorized, the HTTP status code for authentication errors. And that’s just it: it’s for authentication, not authorization. Receiving a 401 response is the server telling you, “you aren’t authenticated–either not authenticated at all or authenticated incorrectly–but please reauthenticate and try again.” To help you out, it will always include a WWW-Authenticate header that describes how to authenticate. This is a response generally returned by your web server, not your web application. It’s also something very temporary; the server is asking you to try again.

So, for authorization I use the 403 Forbidden response. It’s permanent, it’s tied to my application logic, and it’s a more concrete response than a 401. Receiving a 403 response is the server telling you, “I’m sorry. I know who you are–I believe who you say you are–but you just don’t have permi...

"CAUTION: Provisional Headers Are Shown" In Chrome Debugger

Answer: The resource could be being blocked by an extension (AdBlock in my case). The message is there because the request to retrieve that resource was never made, so the headers being shown are not the real thing. As explained in the issue you referenced, the real headers are updated when the server responds, but there is no response if the request was blocked.

The way I found out about the extension that was blocking my resource was through the net-internals tool in Chrome:

For Latest Versions of Chrome

- Type chrome://net-export/ in the address bar and hit enter.
- Start Recording. And save Recording file to local.
- Open the page that is showing problems.
- Go back to net-internals
- You can view Recorded Log file here: https://netlog-viewer.appspot.com/#import
- Click on events (###) and use the textfield to find the event related to your resource (use parts of the URL).
- Finally, click on the event and see if the info shown tells you something.

For Older Versions of chro...