Skip to content

Allow custom HTTP headers #477

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
networkfusion wants to merge 1 commit into
base: main
Choose a base branch
from
+1 −1
Open

Allow custom HTTP headers #477

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion nanoFramework.System.Net.Http/Http/Headers/HttpHeaders.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@ public HeaderEntry(
/// </summary>
public abstract class HttpHeaders
{
internal WebHeaderCollection _headerStore = new WebHeaderCollection(true);
internal WebHeaderCollection _headerStore = new WebHeaderCollection(false);
Copy link

Copilot AI Mar 30, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Switching the backing store to new WebHeaderCollection(false) disables the restricted-header checks (see WebHeaderCollection.ThrowOnRestrictedHeader()), which changes behavior for known headers like Accept, Connection, Host, Content-Length, etc., not just custom X-* headers. Given HeaderInfoTable treats unknown headers as non-restricted, custom headers were already allowed before this change; please either update the PR title/description to reflect the broader behavior change, or narrow the change to only what’s needed for the reported issue.

Copilot uses AI. Check for mistakes.
Copy link

Copilot AI Mar 30, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

With restricted-header validation disabled, callers can now set headers that other parts of this library treat as managed/internal. For example, HttpContentHeaders.ContentLength reads/parses the Content-Length header from _headerStore and will throw if a user sets a non-numeric value via content.Headers.Add("Content-Length", ...). Consider keeping restrictions for headers that must remain controlled (e.g., Content-Length, Host, Transfer-Encoding) or adding explicit validation/guardrails in HttpHeaders.Add to prevent inconsistent state.

Suggested change
internal WebHeaderCollection _headerStore = new WebHeaderCollection(false);
internal WebHeaderCollection _headerStore = new WebHeaderCollection(true);

Copilot uses AI. Check for mistakes.
Copy link

Copilot AI Mar 30, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This line changes header-validation behavior globally for HttpRequestHeaders, HttpResponseHeaders, and HttpContentHeaders, but there are no unit tests asserting the new expected behavior. Please add tests that (1) verify previously-blocked standard headers (e.g., Accept) can now be added, and (2) define the intended behavior for managed headers like Content-Length (either still rejected or validated).

Copilot uses AI. Check for mistakes.

private readonly HttpHeaderType _allowedHeaderTypes;
private readonly HttpHeaderType _treatAsCustomHeaderTypes;
Expand Down
Loading