miscoded

the web is a hack

Java's setRequestProperty supported, with a caveat

Thursday, 20. April 2006, 08:46:43

Just a morsel of technical documentation..

Opera's Java implementation will now support HTTPUrlConnection.setRequestProperty but for security reasons (to prevent so called "request smuggling attacks") it will not permit sending several headers. These headers include "Host", "Content-length" and "Transfer-Encoding".

This is the same security policy we apply to the XMLHttpRequest object and I believe the Flash plugin does the same thing for its ActionScript implementation.

key eventsGoogle maps and event transparency

Comments

Scott # 20. April 2006, 14:39

Since you don't permit the sending of host headers, is Opera totally against HTTP 1.1 when requests are sent in these contexts?

Hallvord R. M. Steen # 30. April 2006, 14:00

No. To clarify: these headers are added as required but by Opera itself. A Java applet or XMLHttpRequest script may not modify these values.

Write a comment

Hallvord R. M. Steen

All sufficiently advanced simplicity is undistinguishable from complexity

Blog search

Download Opera, the fastest and most secure browser

Latest comments

Misc

Perspective
xkcd on Firefox

Recent visitors