
Security News
Crates.io Users Targeted by Phishing Emails
The Rust Security Response WG is warning of phishing emails from rustfoundation.dev targeting crates.io users.
header-override
Advanced tools
Express middleware for overwritting headers using the request query or body. Useful when dealing with clients that don't allow setting request headers directly, for example older IE browsers that support the XDomainRequest
API.
npm install header-override
The middleware will add any additional header to req.headers
, overwritting already specified headers.
var headerOverride = require('header-override');
var express = require('express');
var app = express();
app.use(headerOverride());
By default the module looks for additional headers in the query (with the headers
key).
An example using XDomainRequest
.
var xdr = new XDomainRequest();
xdr.open('POST', '/?headers={"Content-Type":"application/json","Authorization":"token"}');
xdr.send(JSON.stringify({ json: true }));
This will set the Content-Type
header on the server to application/json
, and the Authorization
header to token
. Headers can be encoded as JSON, or when using express
that supports nested objects, it's possible to include the headers using brackets.
POST /?headers[Content-Type]=application/json&headers[Authorization]=token
It's also possible to specify how to retrieve additional headers. Passing a string as first argument to the module will use that string as query parameter name. The module also accepts a function which is expected to return the additional headers.
app.use(headerOverride('additionalHeaders')); // Look for headers in req.query.additionalHeaders
app.use(headerOverride(function(req, res) {
return req.body.headers;
}));
Use the allow
option to whitelist which headers may be overwritten.
app.use(headerOverride(null, { allow: ['Content-Type', 'Authorization'] }));
app.use(headerOverride(null, {
allow: function(req, res, header) {
return header === 'content-type';
}
}));
FAQs
Override HTTP headers
We found that header-override demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
The Rust Security Response WG is warning of phishing emails from rustfoundation.dev targeting crates.io users.
Product
Socket now lets you customize pull request alert headers, helping security teams share clear guidance right in PRs to speed reviews and reduce back-and-forth.
Product
Socket's Rust support is moving to Beta: all users can scan Cargo projects and generate SBOMs, including Cargo.toml-only crates, with Rust-aware supply chain checks.