Share cookies between subdomain and domain

If you set a cookie like this: Set-Cookie: name=value then the cookie will only apply to the request domain, and will only be sent for requests to the exact same domain, not any other subdomains. (See What is a host only cookie?) Two different domains (e.g. and, or and can only … Read more

Correctly switching between HTTP and HTTPS using .htaccess

I use something similar to this for my admin folder in wordpress: #redirect all https traffic to http, unless it is pointed at /checkout RewriteCond %{HTTPS} on RewriteCond %{REQUEST_URI} !^/checkout/?.*$ RewriteRule ^(.*)$$1 [R=301,L] The RewriteCond %{HTTPS} on portion may not work for all web servers. My webhost requires RewriteCond %{HTTP:X-Forwarded-SSL} on, for instance. If … Read more

Chunked encoding and content-length header

No: “Messages MUST NOT include both a Content-Length header field and a non-identity transfer-coding. If the message does include a non-identity transfer-coding, the Content-Length MUST be ignored.” (RFC 2616, Section 4.4) And no, you can use Content-Length and stream; the protocol doesn’t constrain how your implementation works.

How to pass basic auth credentials in API call for a Flutter mobile application?

Assuming that your server expects that the username:password combo will be encode it UTF-8 (see RFC 7617 for more details) then use this: import ‘dart:convert’; import ‘package:http/http.dart’; main() async { String username=”test”; String password = ‘123£’; String basicAuth=”Basic ” + base64.encode(utf8.encode(‘$username:$password’)); print(basicAuth); Response r = await get(Uri.parse(‘’), headers: <String, String>{‘authorization’: basicAuth}); print(r.statusCode); print(r.body); }

Multiple HTTP Authorization headers?

**** UPDATE Feb 2021 *** Please read the comments to this response. Their general conclusion seems to be that some web servers accept multiple Authorization schemes, but that it goes against RFC 7230/7235 **** This should be possible, you just have to add a comma between field values, e.g: GET /presence/alice HTTP/1.1 Host: Authorization: … Read more

Is a slash (“/”) equivalent to an encoded slash (“%2F”) in the path portion of an HTTP URL

From the data you gathered, I would tend to say that encoded “” in an uri are meant to be seen as “” again at application/cgi level. That’s to say, that if you’re using apache with mod_rewrite for instance, it will not match pattern expecting slashes against URI with encoded slashes in it. However, once … Read more