-
Notifications
You must be signed in to change notification settings - Fork 42
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support for specifying extra HTTP headers #777
Comments
Note: We've also seen requests from customers for setting multiple headers with the same header name. |
@whimboo Considering we had discussion around how |
The Browser Testing and Tools Working Group just discussed The full IRC log of that discussion<AutomatedTester> topic: Emulation - Support for specifying extra HTTP headers<AutomatedTester> github: https://github.com//issues/777 <AutomatedTester> jgraham: this is an extra command to alter extra HTTP Headers <AutomatedTester> ... I was hoping to get away with not doing this but it's isomorphic to adding this to network interception <sadym> q+ <AutomatedTester> ... there are ways that we can do that is described in the issues <gsnedders> q+ <simonstewart> q+ <AutomatedTester> ... there is an question around handling existing headers <AutomatedTester> ... so do we overwrite or append? <AutomatedTester> ack sadym <AutomatedTester> sadym: my question is around the spec of this. Can we actually spec it? <AutomatedTester> jgraham: yes, we can reuse the netwrok interception section <AutomatedTester> ... there is an interesting use case for handling this if you have these set in the network interception and you have set the value <AutomatedTester> ... there should be infra for this <AutomatedTester> sadym: there is a question to have a remove the headers later? <AutomatedTester> jgraham: yes we should have that <AutomatedTester> q? <AutomatedTester> ack gsnedders <AutomatedTester> gsnedders: on the question of multiple headers? I think in reality there have been 3 different sematics for headers... <dmurph> present- <AutomatedTester> ... e.g. with duplication that it takes `HEADER: Value1, Value2` <AutomatedTester> ... and set cookie headers do some magic <jgraham> q+ <AutomatedTester> ... so I am not sure we can come up with what we believe the sematics will be here <AutomatedTester> ack simonstewart <AutomatedTester> simonstewart: I think the logical order is to have set headers and then allow network interception to overwrite <gsnedders> i/headers do some magic/... first/last (I forget) header for a given name wins <gsnedders> s/we can come up with what /we can come up with a singular answer of what / <jimevans> q+ <AutomatedTester> ... it would be good to have a replace headers so that we don't have to worry about the heuristics of how these things are added over time to different specs <AutomatedTester> ack jgraham <AutomatedTester> jgraham: I don't think it will work to append <AutomatedTester> ... there are definitely use cases for replace more than append <AutomatedTester> ... we can have the default to override except for cookie where it appends <AutomatedTester> ... or we can have a mode that says append or override <gsnedders> q+ <AutomatedTester> ack jimevans <AutomatedTester> jimevans: the syntax for this is going to complex... combining override and append <jgraham> I am imagining `[{name: "X-Header", value: "foo", mode: "append"}]` with `mode` being optional <AutomatedTester> ... manipulating all network intercepts with one command is a little hard for to visualise <AutomatedTester> q? <AutomatedTester> ack gsnedders <gsnedders> https://fetch.spec.whatwg.org/#headers-class <AutomatedTester> gsnedders: I think it would be good to have a look at the Fetch API does for the developers <AutomatedTester> jgraham: let's do what they do...done <jgraham> So "append", "delete" and "set" as possible modes <AutomatedTester> jgraham: I would prefer 1 command <AutomatedTester> simonstewart: and I think we need to make sure that we have removed any form of ambiguity <jimevans> scribe+ <dotproto> +q <dotproto> -q |
It would be helpful for clients to have the ability to specify extra HTTP headers globally or for a specific set of browsing contexts. While custom HTTP headers can currently be set through network interception, it would simplify the process if we allowed headers to be set via a single command without relying on interception. These headers could then be automatically applied to all network activity within the specified browsing contexts.
This enhancement would enable more flexible testing scenarios, where each context can simulate different client headers, such as language settings (see #774), authentication tokens, or custom headers for API requests.
Use Cases
Multi-Context Testing: Simulating different user agents, authentication tokens, or localization settings (e.g.,
Accept-Language
) across various browsing contexts. This would help developers test how their application behaves when accessed by different types of clients in parallel.A/B Testing: Using different headers (e.g., feature flags) to simulate A/B testing environments within the same browser instance, but isolated to separate browsing contexts.
Authentication and Security Testing: Simulating different users with different authentication headers in separate tabs or frames. This allows the testing of security mechanisms and session isolation between tabs. This is some feature Cypress would benefit from given that it has to send a fixed set of authentication headers.
Proposal
Introduce an API that allows setting extra HTTP headers globally or for specific browsing contexts. The API would accept a list of context IDs along with the headers to be applied for each context.
The API could look like:
Command to set extra HTTP headers for multiple contexts:
Command to clear extra HTTP headers:
Benefits
Accept-Language
header) or client-specific behavior based on custom headers.Questions
headers
field and entries are specified?The text was updated successfully, but these errors were encountered: