next »

[emonk]

 So is it possible to read the HTTP headers that the browser sends into a Javascript variable? In this case a custom header called 'X-??-Something'.

 'Everything I've read seems to say 'no', but I may be searching incorrectly, and I'd really like to be able to do this.

[vsloathe]

So is it possible to read the HTTP headers that the browser sends into a Javascript variable? In this case a custom header called 'X-??-Something'.

 'Everything I've read seems to say 'no', but I may be searching incorrectly, and I'd really like to be able to do this.

If the source domain is different from your own domain, then no it's not possible.

Well, it's really really hard to do anyway. You need to be a practitioner of the Deep Magic, and know a bit about the darker side. The makers of the Deep Magic never knew what their magic would eventually be used for, so they left a lot of portals into the dark realm open. You will need to find one in order to do what you seek to do.

[emonk]

So is it possible to read the HTTP headers that the browser sends into a Javascript variable? In this case a custom header called 'X-??-Something'.

 'Everything I've read seems to say 'no', but I may be searching incorrectly, and I'd really like to be able to do this.

If the source domain is different from your own domain, then no it's not possible.

Well, it's really really hard to do anyway. You need to be a practitioner of the Deep Magic, and know a bit about the darker side. The makers of the Deep Magic never knew what their magic would eventually be used for, so they left a lot of portals into the dark realm open. You will need to find one in order to do what you seek to do.

 I've already got the portal open.

 Now I just need a damned lantern. It's dark in here.

 For the sake of simplicity I'll describe the situation like this:

 My browser goes to mysite.com sending a custom HTTP header.   mysite.com executes a javascript which needs to be able to read that custom header.

 *EDIT* Just to clarify: I already know how to retrieve the response with xmlHTTP, but I need the request headers.

[vsloathe]

oh.

hmmmm...

ask Perk.

[emonk]

 Poor Perk.   

[perkiset]

My browser goes to mysite.com sending a custom HTTP header.   mysite.com executes a javascript which needs to be able to read that custom header.

 *EDIT* Just to clarify: I already know how to retrieve the response with xmlHTTP, but I need the request headers.

I'm really confused.

"My browser goes to mysite.com sending a custom HTTP header."
Is this a browser or a bot? Your browser won't spontaneously send a custom header up for you. So is a client-side JS doing something? What is sending the custom header?

"mysite.com executes a javascript which needs to be able to read the custom header."
So where are we now... at mysite.com? The server? or are we talking about client side processing that needs to read something that was sent from the server? And if this is the case, is this something like PHP that called header('X_myspecialheader' blah blah) and you want to read it in JS on the client side?

(Jeepers there ought to be a 101 class to discuss process and control flow, information directionality and the current owner of cooperative processing)

If what you're really saying is that you have a server script that is shipping a special header to the client and you want to be able to read that header in JS, I think you're SOL. The header is grabbed and interpreted by the browser software before you'll even get a crack at it. If I'm correctly guessing where you're hinting at going, then you'll need to use another mechanism, which may necessitate a slightly smarter client side app and perhaps moving data via cookies or something.

If all you want to do is pass information from the server to client and not have it interpreted, there are lots of ways to pull that off.

[emonk]

My browser goes to mysite.com sending a custom HTTP header.   mysite.com executes a javascript which needs to be able to read that custom header.

 *EDIT* Just to clarify: I already know how to retrieve the response with xmlHTTP, but I need the request headers.

I'm really confused.

"My browser goes to mysite.com sending a custom HTTP header."
Is this a browser or a bot? Your browser won't spontaneously send a custom header up for you. So is a client-side JS doing something? What is sending the custom header?

 Actually my browser IS sending a custom header, though it isn't really spontaneous. It's a firefox plugin doing the deed.

 The header is then received and processed via a server side language (probably PHP) on the server end, and what I'm trying to do is access that header without having access to the server side language. All I can control is some javascript that's been 'placed' into that server side scripts output.

 I've tried everything I can think of but my javascript-fu is not strong.

(Jeepers there ought to be a 101 class to discuss process and control flow, information directionality and the current owner of cooperative processing)

 I'd still screw it up.


 If anyone is bored they can hit me up on IM, and I'll be a little more open about the details.

[perkiset]

The header is then received and processed via a server side language (probably PHP) on the server end, and what I'm trying to do is access that header without having access to the server side language. All I can control is some javascript that's been 'placed' into that server side scripts output.

OK, so FF is sending a custom header (that's what I meant... there's something in addition to your browser that is doing the deed) to a server somewhere. Where are you trying to grab the header? Is this a man in the middle thing? You want to get in the way of the header? Or you simply want to see what it is before it's uploaded? Or you want to see what the RETURNING code headers contain?

And last and most importantly, is this a jimmied up rig for you, or are you trying to ... erm ... adapt this to be a custom feature for others that might be using this plugin?

[emonk]

The header is then received and processed via a server side language (probably PHP) on the server end, and what I'm trying to do is access that header without having access to the server side language. All I can control is some javascript that's been 'placed' into that server side scripts output.

OK, so FF is sending a custom header (that's what I meant... there's something in addition to your browser that is doing the deed) to a server somewhere. Where are you trying to grab the header? Is this a man in the middle thing? You want to get in the way of the header? Or you simply want to see what it is before it's uploaded? Or you want to see what the RETURNING code headers contain?

It's like this:

Code:

GET /mypage.php
 Other-Stuff: Normal crap
 X-??-Something: <--- The crap I want.

 My javascript is on mypage.php, but I can't do anything server side, or I'd just do something like apache_request_headers().

And last and most importantly, is this a jimmied up rig for you, or are you trying to ... erm ... adapt this to be a custom feature for others that might be using this plugin?

 Eh.... The second thing, I think.

[vsloathe]

There should be a way you can do it. You can set and get cookies with javascript, and they are part of the header.

[perkiset]

VS - Cookies are handled get/set via handlers specifically because they ARE cookies... there isn't some kind of raw access to cookies via a mechanism into the header. The packet handler sees the cookie header and then moves the N/V pairs into an array that JS can see, based on security context.

This is still very confusing to me.

Are you trying to work on the header on it's way OUT of the client? There is no execution of JS during a call to an outboard plugin, that is a dead end, unless you can get into the plugin code itself. There's also no way to snuggle JS code in between the browser throwing a request and the actual dispatch of that request, unless you're in the plug in's position.

If you are trying to capture something on it's way BACK IN to the client it's only slightly less impossible. The only way that comes immediately to mind would be to throw a concurrent request via XMLHTTPRequest and use the getAllResponseHeaders - but I think that's IE only.

If I had to tackle this I'd try to inject myself into the middle of the conversation and pull a man in the middle, which is the only way that I think you could reliably intercept, interpret and modify the conversation between the client and surfer.

[nop_90]

If it is a firefox plugin.
You can install a listener.
The listener can modify the headers, do what u want etc.

[emonk]

If it is a firefox plugin.
You can install a listener.
The listener can modify the headers, do what u want etc.

 I don't have access to the users browsers, other than running a little javascript.

[perkiset]

This is what I thought... which is why a MIM attack is about the only way you'll be able to accomplish it - if you can even pull that off.

[emonk]

 I think I found my answer. THERE IS ONLY XUL! 

 I guess I CAN control their browsers after all.