What is the setRequestHeader method used in pure AJAX in POST mode?

1

What is the use of this traditional method, like% AJAX% pure when POST requests are made by the client to a PHP application on the server? I am always required to use it with setRequestHeader value without knowing its true function. I'd also like to know the security holes already known to the community that might be caused on the server if PHP eventually gets a header with a different value than this, which for me as a layman is a default value. Is it mandatory?

    
asked by anonymous 18.09.2016 / 18:23

1 answer

2

XHR().setRequestHeader is used to define a header in the list of request headers. When you call it this way:

xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded")

You are setting the content type you are assigning in the "post" or "put" method request, there in the first parameter of XHR().send . The content type "application/x-www-form-urlencoded" only indicates that the content is in URL parameter format, for example: "?param=1&etc=2"

Headers are always used in requests, there is never a security risk to the server.

Check out this page , it lists headers that can be defined in a request. Note: Not all headers can be defined programmatically with the XHR().setRequestHeader method.

There is no security risk in relation to the headers. There is no such thing as not sending headers, and moreover they can not affect the server.

For more information, there is a specification for% here .

What can affect the server depends on your actions.

    
18.09.2016 / 21:32