header-override

Override HTTP headers

Usage no npm install needed!

<script type="module">
  import headerOverride from 'https://cdn.skypack.dev/header-override';
</script>

README

header-override

Express middleware for overwritting headers using the request query or body. Useful when dealing with clients that don't allow setting request headers directly, for example older IE browsers that support the XDomainRequest API.

npm install header-override

Usage

The middleware will add any additional header to req.headers, overwritting already specified headers.

var headerOverride = require('header-override');
var express = require('express');

var app = express();

app.use(headerOverride());

By default the module looks for additional headers in the query (with the headers key).

An example using XDomainRequest.

var xdr = new XDomainRequest();

xdr.open('POST', '/?headers={"Content-Type":"application/json","Authorization":"token"}');
xdr.send(JSON.stringify({ json: true }));

This will set the Content-Type header on the server to application/json, and the Authorization header to token. Headers can be encoded as JSON, or when using express that supports nested objects, it's possible to include the headers using brackets.

POST /?headers[Content-Type]=application/json&headers[Authorization]=token

It's also possible to specify how to retrieve additional headers. Passing a string as first argument to the module will use that string as query parameter name. The module also accepts a function which is expected to return the additional headers.

app.use(headerOverride('additionalHeaders')); // Look for headers in req.query.additionalHeaders
app.use(headerOverride(function(req, res) {
    return req.body.headers;
}));

Use the allow option to whitelist which headers may be overwritten.

app.use(headerOverride(null, { allow: ['Content-Type', 'Authorization'] }));
app.use(headerOverride(null, {
    allow: function(req, res, header) {
        return header === 'content-type';
    }
}));