This just cost me two hours because an API returned me permission denied. If I use curl without all the temp headers it works fine. Please add an option to remove it.
4 Likes
Do we have an update on the fix? This is starting to be a major issue for us.
2 Likes
Just ran into this with a vendor who barfs when I send them unwanted headers.
One (annoying) workaround Iâve found is that Postman doesnât seem to send the unwanted headers UNLESS the request is saved - that is, if you make a NEW request with the same data and itâs not saved, the request doesnât get any hitchhiking headers (v.7.5.0, Windows 10).
What this basically comes down to is adding headers by default even may be user friendly, not providing anyway to manually omit those headers is not developer friendly, and developers are the main target of this app. I suspect this has caused many a dev frustration in the past and revealing them has just made the issue more visible.
1 Like
This is impossible to use. can someone recommend a different REST client that doesnt add unwanted headers.
1 Like
Is there an update on this? Iâm trying to send a post request and am seeing the following error:
Handler for Request not found:
Request.HttpMethod: GET
Request.HttpMethod: GET
Request.PathInfo: /[url goes here]
Request.QueryString:
Request.RawUrl: /[url goes here]Thanks, I hate it. I have to use curl now, which doesnât force any behavior on you.
Just popping as well to say this is something that definitely I need to be able to disable. Suggesting headers people need is great, but forcing this IS bonkers as @richjenks points out. It goes seriously against the whole purpose of this application.
2 Likes
Well, this explains some behavior mismatch Iâve always had from Postman to other tools.
As hard as it might be for Postman to understand, we all use other tools and need good translation between them. cURL, JMeter, SoapUI, et al.
Saying âweâve always done it that wayâ doesnât exactly build confidence in Postman. The temp headers will make things easier at the beginning for me, but I want to be able to turn them off later, so I can more accurately translate to other tools.
Can a âSend Temporary Headersâ checkbox or switch be added? This should be an easy fix. Thanks!
3 Likes
Would really like this feature. Will avoid using postman until this is fixed.
2 Likes
Yes, please!
Just to support the idea, I think itâs crucial.
I am a new user to Postman. It has been an awesome tool to date as I work on a WebApi app. However, I found this VERY important thread as I hit an unusual road block in my development and testing.
Scenario:
- GET I submit a token request (OAuth2) to my Web API. Token is received
- POST I open a new tab, and make a POST request to a resource that requires authorization. Token is included in the Header. Key is Authorization, Value contains Bearer and my Token. Works fine! Result returned from Web Api.
- POST First save the request to a folder in Postman. Rerun the exact previous POST request. (Token is still valid âŚetc) And the request is denied! Why ??? Went around in circles for a couple of hours⌠only to find that Postman was also sending the âTemporary Headersâ which included an Authorization Header with an expired token ! So the Temp Auth header is being read by Web Api, and then the request is denied!
When I open a brand new tab (not saved) and make the POST request to the resource requiring Authorization, and submit the very same token, the request is valid!
Guys ⌠programming is hard enough ⌠this kind of âbugâ makes things even harder. If someone from Postman can address this issue I would love to hear the explanation. I could not seem to remove the temporary headers Postman submit. The only way was to open a new tab, then re-enter the data. Not very productive
Postman has been a great tool. If this issue can be addressed, seems as if it would be appreciated by many.
Thanks!
Are you using any authorization helpers provided under Authorization section in Postman? That could cause the Authorization header to be replaced as temporary header.
Also, how are you setting the token received from GET request to be used by the POST request? Are you using Postman environment for that or simply copy-pastingg the token in headers?
I have the same problem. A token is renewed, but the temporary header keeps sending the old one, and I always get a authorization denied. Itâs very annoying, and I seem not to be able to solve it.
I have the same problem. In my case Postman keeps ASP.NET_SessionId= ⌠cookie, and send it with following requests. Really annoying
Whatever postman is sending by default is not appreciated by Google App Engine. I had to switch to using Insomnia because i could not make a successful GET request with postman. I canât control exactly what is being sent. This is really bad.
+1 Please let us the capability to disable this feature and let us control what we want to send. I enjoyed Postman but now need to move away :â(
Please OFF this stupidity.
+1 for disabling this. Have been trying to test an API here. Struggling with trying to understand why Iâm getting http 400 codes back. Itâs the headers. Switched to Insomnia (where I donât need to sign up!) and itâs working perfectly. What an utterly unfathomably stupid feature for a tool thatâs going to be used by people that want to have that fine level of control.