The proxy can add extra (or overwrite) headers to requests it receives and passes through to the back-end. These can be used to communicate information to the back-end. So far I’ve seen a couple used for forcing the use of https in URL scheme: X-Forwarded-Protocol: https X-Forwarded-Ssl: on X-Url-Scheme: https And wikipedia also mentions: # … Read more
You can use HttpServletRequest.getScheme() to retrieve either “http” or “https”. Using it along with HttpServletRequest.getServerName() should be enough to rebuild the portion of the URL you need. You don’t need to explicitly put the port in the URL if you’re using the standard ones (80 for http and 443 for https). Edit: If your servlet … Read more
For Express 3: var express = require(‘express’); var app = express(); var server = app.listen(5001); server.on(‘connection’, function(socket) { console.log(“A new connection was made by a client.”); socket.setTimeout(30 * 1000); // 30 second timeout. Change this as you see fit. });
CSRF protection comes in a number of methods. The traditional way (the “Synchronizer token” pattern) usually involves setting a unique valid Token value for each request and then verifying that unique value when the request is subsequently sent in. It is usually done by setting a hidden form field. The token value is usually short … Read more
Normal (GET) requests do not have a Content-Type header. For POST requests it would appear as $_SERVER[“CONTENT_TYPE”], with a value like multipart/form-data or application/x-www-form-urlencoded. This is mandated by the CGI/1.1 specification: http://www.ietf.org/rfc/rfc3875.
Firstly, the relevant HTTP spec is RFC 7234. If you look at the spec you will observe two things: The spec never requires, under any circumstances, that a cache serves a cached version of content without revalidating. There are plenty of places where the spec notes that a cache MUST NOT use cached content to … Read more
No, it does not matter for headers with different names. See RFC 2616, section 4.2: The order in which header fields with differing field names are received is not significant. However, it is “good practice” to send general-header fields first, followed by request-header or response- header fields, and ending with the entity-header fields. It DOES … Read more
The difference can be found in the specifications, in this case RFC 7231: 5.3.2. Accept The “Accept” header field can be used by user agents to specify response media types that are acceptable. 3.1.1.5. Content-Type The “Content-Type” header field indicates the media type of the associated representation The Accept header always indicates what kind of … Read more
Content-Language, an entity header, is used to describe the language(s) intended for the audience, so that it allows a user to differentiate according to the users’ own preferred language. Entity headers are used in both, HTTP requests and responses.1 Accept-Language, a request HTTP header, advertises which languages the client is able to understand, and which … Read more