Does XMLHTTPRequest allow one to set "any" headers? Because it seems to be limiting me from setting the host header.
No, as it will cause security issues. Please refer to the W3C XMLHttpRequest Level 2 spec: the setRequestHeader() method should terminate if header is a case-insensitive match for one of the following headers:
- Accept-Charset
- Accept-Encoding
- Access-Control-Request-Headers
- Access-Control-Request-Method
- Connection
- Content-Length
- Cookie
- Cookie2
- Content-Transfer-Encoding
- Date
- Expect
- Host
- Keep-Alive
- Origin
- Referer
- TE
- Trailer
- Transfer-Encoding
- Upgrade
- User-Agent
- Via
Update: Konstantinos Filios is right that the latest list can be found in the WHATWG XMLHttpRequest spec.
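A pre-check for the behaviour described in the answer above, as an added example that is not part of the original answer: it splits a header map into names `setRequestHeader()` will accept and names it will refuse, so refused headers can be logged instead of disappearing silently. It uses only the names listed in the answer; `partitionHeaders`, `applyHeaders` and `makeRecordingXhr` are hypothetical helper names, and the sample header values are constructed.

```javascript
// Header names quoted in the answer above (XMLHttpRequest Level 2 list),
// stored lower-case so lookups are case-insensitive.
const REFUSED_BY_XHR = new Set([
  "accept-charset", "accept-encoding", "access-control-request-headers",
  "access-control-request-method", "connection", "content-length", "cookie",
  "cookie2", "content-transfer-encoding", "date", "expect", "host",
  "keep-alive", "origin", "referer", "te", "trailer", "transfer-encoding",
  "upgrade", "user-agent", "via",
]);

// Split a header map into entries the browser will accept and the names
// that setRequestHeader() will refuse.
function partitionHeaders(headers) {
  const accepted = {};
  const refused = [];
  for (const [name, value] of Object.entries(headers)) {
    if (REFUSED_BY_XHR.has(name.toLowerCase())) {
      refused.push(name);
    } else {
      accepted[name] = value;
    }
  }
  return { accepted, refused };
}

// Apply only the accepted headers to an XHR-like object and return the
// refused names so the caller can report them.
function applyHeaders(xhr, headers) {
  const { accepted, refused } = partitionHeaders(headers);
  for (const [name, value] of Object.entries(accepted)) {
    xhr.setRequestHeader(name, value);
  }
  return refused;
}

// Constructed stand-in for XMLHttpRequest so the example runs outside a browser.
function makeRecordingXhr() {
  const sent = [];
  return { sent, setRequestHeader: (n, v) => sent.push([n, v]) };
}

const demoXhr = makeRecordingXhr();
const demoRefused = applyHeaders(demoXhr, {
  "HOST": "internal.example",            // constructed sample values
  "X-Requested-With": "XMLHttpRequest",
  "user-agent": "custom/1.0",
});
console.log("refused:", demoRefused, "sent:", demoXhr.sent);
```

The set mirrors the list quoted in the answer; per the update, the WHATWG spec holds the current list.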