add_header works as well with proxy_pass as without. I just today set up a configuration where I’ve used exactly that directive. I have to admit though that I’ve struggled as well setting this up without exactly recalling the reason, though. Right now I have a working configuration and it contains the following (among others): server … Read more
The Content-Type header is just used as info for your application. The browser doesn’t care what it is. The browser just returns you the data from the AJAX call. If you want to parse it as JSON, you need to do that on your own. The header is there so your app can detect what … Read more
Cache-Control was introduced in HTTP/1.1 and offers more options than Expires. They can be used to accomplish the same thing but the data value for Expires is an HTTP date whereas Cache-Control max-age lets you specify a relative amount of time so you could specify “X hours after the page was requested”. HTML Cache control … Read more
Idempotence refers to the state of the system after the request has completed In all cases (apart from the error issues – see below), the account no longer exists. From here “Methods can also have the property of “idempotence” in that (aside from error or expiration issues) the side-effects of N > 0 identical requests … Read more
There is no way to control headers sent by a browser while using JSONP. JSONP is a smart trick (or a hack, depending on how you see it…) that consist of inserting a <script> tag pointing to a server endpoint. Ultimately it is a browser who will decide which headers to sent while requesting scripts … Read more
You can use the IIS UrlRewrite module and add a custom outbound rule to configure the custom header. Here is a sample rule you may want to use: <system.webServer> <rewrite> <outboundRules> <rule name=”Set custom HTTP response header”> <match serverVariable=”RESPONSE_X_Robots_Tag” pattern=”.*” /> <conditions> <add input=”{REQUEST_URI}” pattern=”\.xml\.gz$” /> </conditions> <action type=”Rewrite” value=”The value you need for this … Read more
When you use $window.location.href the browser is making the HTTP request and not your JavaScript code. Therefore, you cannot add a custom header like Authorization with your token value. You could add a cookie via JavaScript and put your auth token there. The cookies will automatically be sent from the browser. However, you will want … Read more
Finally I solved the issue of session handling in Android. Android cant handle the session itself(which a simple browser can) so we have to handle it explicitly. I changed the code for http connection a bit. Created an instance of DefaultHttpClient in the first Activity when connection established. public static DefaultHttpClient httpClient; For the first … Read more
The HTTP RFC states, in section 15.1.3 Encoding Sensitive Information in URI’s : Clients SHOULD NOT include a Referer header field in a (non-secure) HTTP request if the referring page was transferred with a secure protocol. So, this is expected / standard behaviour.
Sure, use a Content-disposition header header(‘Content-Disposition: attachment; filename=”filetodownload.jpg”‘); if you wish to provide a default filename, but not automatic download, this seems to work. header(‘Content-Disposition: filename=”filetodownload.jpg”‘);