feat(http) add unsafe-headers feature flag (#1050)

* [http] add unsafe-headers feature flag * change file * fmt
2026-06-06 13:53:54 +02:00 · 2024-03-08 06:31:47 +01:00
parent bff722451d
commit 753c7be0a6
4 changed files with 40 additions and 31 deletions
@@ -53,3 +53,4 @@ deflate = [ "reqwest/deflate" ]
 trust-dns = [ "reqwest/trust-dns" ]
 socks = [ "reqwest/socks" ]
 http3 = [ "reqwest/http3" ]
+unsafe-headers = []
@@ -195,7 +195,8 @@ pub async fn fetch<R: Runtime>(
                for (name, value) in &headers {
                    let name = HeaderName::from_bytes(name.as_bytes())?;
                    let value = HeaderValue::from_bytes(value.as_bytes())?;
-                    if !matches!(
+                    #[cfg(not(feature = "unsafe-headers"))]
+                    if matches!(
                        name,
                        // forbidden headers per fetch spec https://fetch.spec.whatwg.org/#terminology-headers
                        header::ACCEPT_CHARSET
@@ -218,8 +219,10 @@ pub async fn fetch<R: Runtime>(
                            | header::UPGRADE
                            | header::VIA
                    ) {
-                        request = request.header(name, value);
+                        continue;
                    }
+
+                    request = request.header(name, value);
                }

                // POST and PUT requests should always have a 0 length content-length,