We use cookies to give you the best experience on our website. If you continue to browse, then you agree to our privacy policy and cookie policy. Image for the cookie policy date

Refused to set unsafe header "Cookie"

I have implemented the suggestions found here in this thread:


https://www.syncfusion.com/forums/155742/adding-jwt-to-saveurl-http-post


But I am getting a message output into my browser window:

Refused to set unsafe header "Cookie"


I am attaching the ASP.NET Identity cookie and passing it to the controller as the domain name is the same across my applications.  I am also doing this with other controllers in my application currently.


It appears I have to set withCredentials = true but I am not seeing how to do this.  Any suggestions/guidance here would be appreciated.


10 Replies 1 reply marked as answer

SP Sureshkumar P Syncfusion Team April 4, 2022 01:39 PM UTC

Hi Mike-E,


We have validated your requirement with the same code example which is your referenced forum. But we cannot replicate the reported issue from our end. we have attached a validated sample in the attachment.


If still, you have faced the same issue, please update the below details.

  1. Whether you have used our uploader in the server-side or client-side application?

  2. Update the exact Syncfusion package version details.

  3. If you have faced the issue in any specific browser, then update the browser details.

These details will help us to provide an exact solution as earlier as possible.


Regards,

Sureshkumar P


Attachment: Client_Hosted_Blazor_15b1873.zip


MI Mike-E April 4, 2022 02:01 PM UTC

Thank you very much for your reply Sureshkumar, and for making the solution. Note that the problem is when you do the following:


args.CurrentRequest = new List<object>

{

new

{

Cookie = "hello=world",

}

};


Authorization works, but Cookie does not. Please confirm.



SP Sureshkumar P Syncfusion Team April 5, 2022 11:39 AM UTC

Mike-E,


You get that error from Chrome because, per the XHR specification, the setRequestHeader method should not set headers with a forbidden header name.


Forbidden header name list documentation: https://fetch.spec.whatwg.org/#forbidden-header-name


To know more about this issue, please refer to the common forum link here: https://social.msdn.microsoft.com/Forums/vstudio/en-US/74b23df2-15ab-40d2-adf9-8af5cae654e2/refused-to-set-unsafe-header-cookie?forum=netfxjscript


Regards,

Sureshkumar P



MI Mike-E April 5, 2022 02:56 PM UTC

Thank you for your further reply Sureshkumar.  That might be the default functionality, but as I mentioned in my original post, this can be overridden with withCredentials = true:


https://developer.mozilla.org/en-US/docs/Web/API/XMLHttpRequest/withCredentials

https://stackoverflow.com/a/27407440



SP Sureshkumar P Syncfusion Team April 6, 2022 11:07 AM UTC

We cannot be overridden the issue by using withCredentials = true. To know more about this please refer to the below stack overflow link:


https://stackoverflow.com/questions/15198231/why-cookies-and-set-cookie-headers-cant-be-set-while-making-xmlhttprequest-usin



MI Mike-E April 6, 2022 11:15 AM UTC

Hi Sureshkumar note that the link you provided is for node.js, whereas the context and links that I have provided are for in the browser.

Additionally, please note that even though the link you provided is for node.js, it too also offers an override (setDisableHeaderCheck(true)) as denoted by one of the answers:

https://stackoverflow.com/a/15267262


So while the original behavior does not support cookies, they can be overridden in both the browser and node.js with overrides.  However, in the case of the browser, it would seem that Syncfusion's File Upload control does not provide the functionality to do so at the moment.



SP Sureshkumar P Syncfusion Team April 7, 2022 03:13 PM UTC

Based on your shared information, we have validated your reported requirement from our end. We will update you with further details in one business day (April 8th,2022).



SP Sureshkumar P Syncfusion Team April 11, 2022 12:30 PM UTC

Thanks for your shared information. We have confirmed the reported issue is an issue at our end and this fix will be included in our upcoming patch release, which is expected to be rolled out on April 26th,2022.

You can track the status of this issue from the below feedback.

Feedback: https://www.syncfusion.com/feedback/34077


Disclaimer: Inclusion of this solution in the weekly release may change due to other factors including but not limited to QA checks and works reprioritization


Marked as answer

MI Mike-E April 11, 2022 02:19 PM UTC

Great, thank you so very much @Sureshkumar & team!



PO Prince Oliver Syncfusion Team April 12, 2022 04:48 AM UTC

Most welcome, we are glad to assist you.


Loader.
Up arrow icon