Skip to content

Commit

Permalink
Restore description of headers modification restrictions (mdn#35165)
Browse files Browse the repository at this point in the history
* Restore description of headers guards

* Rewrite

* Fix

* Move description
  • Loading branch information
Josh-Cena authored Jul 26, 2024
1 parent 4dec42e commit 7b21121
Show file tree
Hide file tree
Showing 2 changed files with 18 additions and 14 deletions.
5 changes: 0 additions & 5 deletions files/en-us/web/api/headers/delete/index.md
Original file line number Diff line number Diff line change
Expand Up @@ -11,11 +11,6 @@ browser-compat: api.Headers.delete
The **`delete()`** method of the {{domxref("Headers")}}
interface deletes a header from the current `Headers` object.

This method throws a {{jsxref("TypeError")}} for the following reasons:

- The value of the name parameter is not the name of an HTTP header.
- The value of {{Glossary("Guard")}} is `immutable`.

For security reasons, some headers can only be controlled by the user agent. These
headers include the {{Glossary("Forbidden_header_name", "forbidden header names")}}
and {{Glossary("Forbidden_response_header_name", "forbidden response header names")}}.
Expand Down
27 changes: 18 additions & 9 deletions files/en-us/web/api/headers/index.md
Original file line number Diff line number Diff line change
Expand Up @@ -9,18 +9,30 @@ browser-compat: api.Headers

The **`Headers`** interface of the [Fetch API](/en-US/docs/Web/API/Fetch_API) allows you to perform various actions on [HTTP request and response headers](/en-US/docs/Web/HTTP/Headers). These actions include retrieving, setting, adding to, and removing headers from the list of the request's headers.

A `Headers` object has an associated header list, which is initially empty and consists of zero or more name and value pairs. You can add to this using methods like {{domxref("Headers.append","append()")}} (see [Examples](#examples).) In all methods of this interface, header names are matched by case-insensitive byte sequence.
You can retrieve a `Headers` object via the {{domxref("Request.headers")}} and {{domxref("Response.headers")}} properties, and create a new `Headers` object using the {{domxref("Headers.Headers", "Headers()")}} constructor.

For security reasons, some headers can only be controlled by the user agent. These headers include the {{Glossary("Forbidden_header_name", "forbidden header names")}} and {{Glossary("Forbidden_response_header_name", "forbidden response header names")}}.
> [!NOTE]
> You can find out more about the available headers by reading our [HTTP headers](/en-US/docs/Web/HTTP/Headers) reference.
A Headers object also has an associated guard, which takes a value of `immutable`, `request`, `request-no-cors`, `response`, or `none`. This affects whether the {{domxref("Headers.set","set()")}}, {{domxref("Headers.delete","delete()")}}, and {{domxref("Headers.append","append()")}} methods will mutate the header. For more information see {{Glossary("Guard")}}.
## Description

You can retrieve a `Headers` object via the {{domxref("Request.headers")}} and {{domxref("Response.headers")}} properties, and create a new `Headers` object using the {{domxref("Headers.Headers", "Headers()")}} constructor.
A `Headers` object has an associated header list, which is initially empty and consists of zero or more name and value pairs. You can add to this using methods like {{domxref("Headers.append","append()")}} (see [Examples](#examples).) In all methods of this interface, header names are matched by case-insensitive byte sequence.

An object implementing `Headers` can directly be used in a {{jsxref("Statements/for...of", "for...of")}} structure, instead of {{domxref('Headers.entries()', 'entries()')}}: `for (const p of myHeaders)` is equivalent to `for (const p of myHeaders.entries())`.

> [!NOTE]
> You can find out more about the available headers by reading our [HTTP headers](/en-US/docs/Web/HTTP/Headers) reference.
### Modification restrictions

Some `Headers` objects have restrictions on whether the {{domxref("Headers.set","set()")}}, {{domxref("Headers.delete","delete()")}}, and {{domxref("Headers.append","append()")}} methods can mutate the header. The modification restrictions are set depending on how the `Headers` object is created.

- For headers created with {{domxref("Headers.Headers","Headers()")}} constructor, there are no modification restrictions.
- For headers of {{domxref("Request")}} objects:
- If the request's {{domxref("Request.mode","mode")}} is `no-cors`, you can modify any {{Glossary("CORS-safelisted request header")}} name/value.
- Otherwise, you can modify any {{Glossary("forbidden header name", "non-forbidden header")}} name/value.
- For headers of {{domxref("Response")}} objects:
- If the response is created using {{domxref("Response.error_static", "Response.error()")}} or {{domxref("Response.redirect_static", "Response.redirect()")}}, or received from a {{domxref("Window/fetch", "fetch()")}} call, the headers are immutable and cannot be modified.
- Otherwise, if the response is created using {{domxref("Response.Response","Response()")}} or {{domxref("Response.json_static","Response.json()")}}, you can modify any {{Glossary("forbidden response header name", "non-forbidden response header")}} name/value.

All of the Headers methods will throw a {{jsxref("TypeError")}} if you try to pass in a reference to a name that isn't a [valid HTTP Header name](https://fetch.spec.whatwg.org/#concept-header-name). The mutation operations will throw a `TypeError` if the header is immutable. In any other failure case they fail silently.

## Constructor

Expand Down Expand Up @@ -53,9 +65,6 @@ An object implementing `Headers` can directly be used in a {{jsxref("Statements/
> [!NOTE]
> To be clear, the difference between {{domxref("Headers.set()")}} and {{domxref("Headers.append()")}} is that if the specified header does already exist and does accept multiple values, {{domxref("Headers.set()")}} will overwrite the existing value with the new one, whereas {{domxref("Headers.append()")}} will append the new value onto the end of the set of values. See their dedicated pages for example code.
> [!NOTE]
> All of the Headers methods will throw a {{jsxref("TypeError")}} if you try to pass in a reference to a name that isn't a [valid HTTP Header name](https://fetch.spec.whatwg.org/#concept-header-name). The mutation operations will throw a `TypeError` if the header has an immutable {{Glossary("Guard")}}. In any other failure case they fail silently.
> [!NOTE]
> When Header values are iterated over, they are automatically sorted in lexicographical order, and values from duplicate header names are combined.
Expand Down

0 comments on commit 7b21121

Please sign in to comment.