header-override
v1.0.0
Published
Override HTTP headers
Downloads
9
Readme
header-override
Express middleware for overwritting headers using the request query or body. Useful when dealing with clients that don't allow setting request headers directly, for example older IE browsers that support the XDomainRequest
API.
npm install header-override
Usage
The middleware will add any additional header to req.headers
, overwritting already specified headers.
var headerOverride = require('header-override');
var express = require('express');
var app = express();
app.use(headerOverride());
By default the module looks for additional headers in the query (with the headers
key).
An example using XDomainRequest
.
var xdr = new XDomainRequest();
xdr.open('POST', '/?headers={"Content-Type":"application/json","Authorization":"token"}');
xdr.send(JSON.stringify({ json: true }));
This will set the Content-Type
header on the server to application/json
, and the Authorization
header to token
. Headers can be encoded as JSON, or when using express
that supports nested objects, it's possible to include the headers using brackets.
POST /?headers[Content-Type]=application/json&headers[Authorization]=token
It's also possible to specify how to retrieve additional headers. Passing a string as first argument to the module will use that string as query parameter name. The module also accepts a function which is expected to return the additional headers.
app.use(headerOverride('additionalHeaders')); // Look for headers in req.query.additionalHeaders
app.use(headerOverride(function(req, res) {
return req.body.headers;
}));
Use the allow
option to whitelist which headers may be overwritten.
app.use(headerOverride(null, { allow: ['Content-Type', 'Authorization'] }));
app.use(headerOverride(null, {
allow: function(req, res, header) {
return header === 'content-type';
}
}));