I have noticed that new version on Postman is having a section called ātemporary Headersā.
Is there a way to disable that.
6 Likes
You want to disable sending the headers or stop showing it. We have just released a patch that hides it by default.
If you want to disable sending the temp headers, Iām afraid that is not possible since Postman is adding headers that it thinks is required for the request to go through, which otherwise youād have had to provide manually. This is same as browsers / other clients do.
3 Likes
But when I just want to test the request without cookie.How can I do?
The temporary headers will always add the cookie to the request.
2 Likes
The whole point of Postman is to mock HTTP requests, not browsers. Iāve used Postman for years but if unwanted headers are being forced upon me then Iāll have to find an alternative tool like Insomnia.
Itās an absolutely bonkers design decision to add headers no-one wants and make it impossible to remove them. It will make testing APIs impossible because we canāt control whatās actually being sent. Not to mention cookie issues. What were you thinking?!
13 Likes
@liguoqinjim @richjenks There has been no change in the behaviour of the app. Headers like Host/Content-Length/Cookie have always been added to the request - they were just not visible to the user.
These are now shown (under the Temporary Headers section) in the interest of lettings users see exactly what is being sent.
The Host header is not something āno-one wantsā. According to https://tools.ietf.org/html/rfc2616, the client must add the header.
Are you seeing any change in behaviour as far the actual API response is concerned?
1 Like
@abhijit User-Agent, Accept, cookie, accept-encoding and Connection are headers I do not want to be added to requests unless specified.
Are you arguing that itās desirable to have cookies added against your will?
6 Likes
@richjenks These headers were always added to the request (even in previous versions of the app), but not shown. Iāve added a screenshot showing an older version of Postman making a request. Thereās nothing visible in the headers section of the app, but you can see the Accept/Cookie headers being sent in the actual request (on the right).
Not including specific headers is a different problem, and one that will need to be solved differently for each header. The Accept/User-Agent/Host headers can be overriden manually, for example. Not sending cookies will require a separate setting / user flow.
2 Likes
Postman 7.2.1 supports an experimental code generation mode. This can be enabled using the 'Experimental Codegen mode` flag in Postmanās global settings.
With this enabled, youāll see a new code generation window, with bug fixes, support for two new languages (JS-Fetch and PowerShell), and the ability to customize certain aspects of the generated snippet, including the ability to show/hide temporary headers.
3 Likes
I am actually having an issue using Postman to interact with Elasticsearch, because of the temporary headers.
I get a a 406 Not Acceptable with the following reply:
{
āerrorā: āContent-Type header [text/plain] is not supportedā,
āstatusā: 406
}
The request is a POST to localhost:9200/_snapshot/my_backup with the following contents:
{
ātypeā: āfsā,
āsettingsā: {
ālocationā: āmy_backup_locationā
}
}
I can send GET requests to Elasticsearch just fine, for some reason. But for POST request, I get the rejection I have described.
I would like to use Postman to interact with Elasticsearch instead of using curl from the command line, but this header issue is forcing me not to use Postman for this purpose.
Edit: I seem to be getting a similar response when I remove the temporary headers and send the request using curl. This is potentially an Elasticsearch issue.
Sent request:
curl -X POST
http://localhost:9200/_snapshot/my_backup
-d ā{
ātypeā: āfsā,
āsettingsā: {
ālocationā: āmy_backup_locationā
}
}ā
Response:
{āerrorā:āContent-Type header [application/x-www-form-urlencoded] is not supportedā,āstatusā:406}
1 Like
The issue is documented here:
By changing the Content-Type header of the curl request, I was able to get the request to go through.
The command is as follows:
curl -X PUT
http://localhost:9200/_snapshot/my_backup
-H āAccept: /ā
-H āCache-Control: no-cacheā
-H āConnection: keep-aliveā
-H āContent-Type: application/jsonā
-H āHost: localhost:9200ā
-H āPostman-Token: d5d262df-3320-4f7b-a19e-a326f171e432,70f47523-63a0-43d1-9f7d-3ad581ce9d2eā
-H āUser-Agent: PostmanRuntime/7.15.0ā
-H āaccept-encoding: gzip, deflateā
-H ācache-control: no-cacheā
-H ācontent-length: 72ā
-d ā{
ātypeā: āfsā,
āsettingsā: {
ālocationā: āmy_backup_locationā
}
}ā
I just changed text/plain to application/json.
That said, there should be some way in Postman to change this setting.
1 Like
Iām new to Postman, so I cannot speak to the 'itās always done this, now just showing it issue". However, I came here trying to find out how to disable the temporary headers that Iām not explicitly setting.
so, +1 for disabling these beyond just the code generation aspect.
5 Likes
+1
Switching to insomnia for now. There should be an ability to not send ātemporary headersā.
4 Likes
Agreed that this should be a feature, regardless of if it was in previous versions or not. A big part of API testing is checking how headers behave and if you cant control that on postman then you need to look for alternatives
I do hope you implement this
2 Likes
Thanks for all the feedback on this thread. We have slotted this on our roadmap and will ship out a fix soon.
We are exploring changing the name of āTemporary Headersā, which is TBH, confusing to many. We will add some docs to explain why these headers are needed and added by Postman. Besides that, we are also exploring introducing a settings option to disable adding these headers.
Itās still in a design prototype phase, so I donāt have anything concrete to show right now, but I will let you people know as soon as I have something on my hand.
3 Likes
Disable.
Authorization headers are being added automagically. Why in the world would it do something like that? Where is it getting the values for the header?
2 Likes
Damn! I canāt believe that the tool whose sole aim is to aid the development of APIs forces some request headers and doesnāt allow them to be disabled. The server I am sending request to doesnāt like gzipped Content-Encoding but Postman sends my content gzipped by default and sets a Content-Encoding header! The server doesnāt understand whatās reaching it!!!
3 Likes
Hey @prabkum,
Have you tried using something like this in the Pre-Request Script to change the header being sent:
pm.request.headers.upsert({key: 'accept-encoding', value: '*'})
Or
pm.request.headers.upsert({key: 'accept-encoding', value: ['identity', 'br']})
These are just examples but you could use the same method to set that header to the value that the server accepts.
2 Likes
I tried to use postman for one of the CTFs. It took me 4 hours to realize that this was due to postmanās temporary headers that I was getting my requests denied.
I strongly think that temporary headers should be optional, otherwise this just limits the capabilities of Postman as an API tool in general, and forces an entire userbase to look for a different solution
2 Likes
I just downloaded Postman a couple hours ago and was using it until I noticed the headers that it was adding to every request. I ended up here when I tried to figure out how to disable them and Iām dumfounded how there is no option in a REST API development tool to disable headers that are sent with every request.
MAYBE if it was a feature in a paid version of the software then I could understand, but the fact that this is just how it is? Absolutely ridiculous, and it makes the tool inferior to something as simple and basic as Advanced REST Client, which I will go back to using.
2 Likes
Im sorry but it is a horrible decision to not allow the option to remove these temp headers. I canāt use postman now because it forces the cookie header when I actually want to remove it. Who made this design decision?
1 Like