HTML5 - Refused to set unsafe header

Currently the giant [GAME].js file includes a few header calls on XMLHttpRequest that generates a warning on Chrome, but crashes UE4 game tick on Safari and Firefox.

As the file is big, obfuscated and minimized, I cannot give you line numbers but just what to search to find the problematic code:

  http.setRequestHeader("Connection","close")
  http.setRequestHeader("Content-length",_param.length)
  xhr.setRequestHeader("Connection","close")

These must be removed from the JS file.

This must be checked, if any endpoint that calls this, should not request a header that will cause errors:

  xhr.setRequestHeader(header[0],header[1])

Please check [W3C’s list of unsafe headers that are denied by browsers (click here)][1] for more information.

XMLHttpRequest Level 1

oh, function name is _UE_MakeHTTPDataRequest by the way.

There were some calls like this in the underlying Emscripten compiler at removed unnecessary headers from POST requests · emscripten-core/emscripten@1c7ee32 · GitHub, not sure if these headers came as part of that, or if it is something in the UE4 JS wrappers there. Agreed that those should not be specified. Emscripten 1.36.0 and newer will have this fix.

Hey ,

I have compared 4.11.2 to 4.10.4, I could not find the code you stated above in 4.11.2. Could you please check to verify that this is no longer occurring?

Have a great weekend!

I am still using 4.10, had a few major problems with my project in 4.11, so i had to return back. :frowning:

Does your HTML5 game react this way, or another way? If it reacts differently, could you please provide me the step-by-step reproduction steps so I can verify and report the bug?

Thanks!

Hey ,

We have not heard back from you in a few days, so we are marking this post as Resolved for tracking purposes. If you are still experiencing the issue you reported, please respond to this message with additional information and we will offer further assistance.

Thank you!