For me, Postman is maintaining the atlassian.xsrf.token and JSESSIONID which makes it impossible for me to simulate a “logged off” user… I’d have to wait the session expire on the server to test my code!!!
Just wanted to link the two things together, here is the app-support ticket: https://github.com/postmanlabs/postman-app-support/issues/2689
Your link didn’t work for me. I tracked it down though.
This is a ridiculous decision.
How are we meant to test different caching strategies if Postman always sends a temporary
cache-control header that disables caching?
JQuery.ajax() etc do not add this temporary header when loading a resource, even if the browser does so when performing a direct, address bar, request.
@girish.jaiswal has a work around, but it is couinterintuitive to add an empty header to remove the temporary header. This should just work out of the box.
cache-control header can be disabled from the settings:
I am having trouble sending requests to a third party admin endpoint. If copy out the curl and remove all the extra headings it works. Can we have a toggle to remove all temporary headers? It rather defeats the purpose of using your tool if I have to copy the request and curl it instead.
I downloaded POSTMAN to have a client which is able to meticulously specify my request. Now I see it’s adding stuff under the hood automatically. I can see why it’s useful, but please consider an option to disable the default headers so we can troubleshoot our API’s.
I don’t understand what you guys were thinking when you started adding temporary headers to all curls. It’s super annoying sending curl requests to other people now. And time is often wasted debugging why a curl is not working where the cause is always a temporary header like host or content length.