HttpHeaders.TryAddWithoutValidation Method
Definition
Important
Some information relates to prerelease product that may be substantially modified before it’s released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Returns a value that indicates whether a new header and its values were added to the HttpHeaders collection without validating the header values.
Overloads
| Name | Description |
|---|---|
| TryAddWithoutValidation(String, IEnumerable<String>) |
Returns a value that indicates whether the specified header and its values were added to the HttpHeaders collection without validating the provided information. |
| TryAddWithoutValidation(String, String) |
Returns a value that indicates whether the specified header and its value were added to the HttpHeaders collection without validating the provided information. |
TryAddWithoutValidation(String, IEnumerable<String>)
- Source:
- HttpHeaders.cs
- Source:
- HttpHeaders.cs
- Source:
- HttpHeaders.cs
- Source:
- HttpHeaders.cs
Returns a value that indicates whether the specified header and its values were added to the HttpHeaders collection without validating the provided information.
public:
bool TryAddWithoutValidation(System::String ^ name, System::Collections::Generic::IEnumerable<System::String ^> ^ values);public bool TryAddWithoutValidation(string name, System.Collections.Generic.IEnumerable<string> values);public bool TryAddWithoutValidation(string name, System.Collections.Generic.IEnumerable<string?> values);member this.TryAddWithoutValidation : string * seq<string> -> boolPublic Function TryAddWithoutValidation (name As String, values As IEnumerable(Of String)) As BooleanParameters
- name
- String
The header to add to the collection.
- values
- IEnumerable<String>
The values of the header.
Returns
true if the specified header name and values could be added to the collection; otherwise false.
Remarks
This method performs header name validation, returning false for invalid names. Header names are enforced to be valid HTTP tokens, where a token is defined as any set of ASCII letters, digits, or symbols from the "!#$%&'*+-.^_`|~" set, matching RFC9110's definition. Non-ASCII characters aren't allowed in a header name.
This method doesn't perform any header value validation. Values added via this method are assumed to be trusted, and other application logic, such as HttpClient, might misbehave if they're not well formed.
Values added without validation might be observed when enumerating the collection or querying for the specific header name, even when the caller isn't using the NonValidated view of the collection.
Caution
This method must never be used with untrusted values, unless they were otherwise sufficiently validated.
What constitutes "sufficient" validation can vary by use case. At a minimum, prohibit newline characters for protocol correctness, for example, if (value.ContainsAny('\r', '\n', '\0')) throw .... This validation should ensure that the server application sees values in the same way as the client application, with the server now being responsible for properly sanitizing its own inputs.
To guard against attacks such as request smuggling, callers are highly encouraged to validate that these values don't contain newline characters.
Applies to
TryAddWithoutValidation(String, String)
- Source:
- HttpHeaders.cs
- Source:
- HttpHeaders.cs
- Source:
- HttpHeaders.cs
- Source:
- HttpHeaders.cs
Returns a value that indicates whether the specified header and its value were added to the HttpHeaders collection without validating the provided information.
public:
bool TryAddWithoutValidation(System::String ^ name, System::String ^ value);public bool TryAddWithoutValidation(string name, string value);public bool TryAddWithoutValidation(string name, string? value);member this.TryAddWithoutValidation : string * string -> boolPublic Function TryAddWithoutValidation (name As String, value As String) As BooleanParameters
- name
- String
The header to add to the collection.
- value
- String
The content of the header.
Returns
true if the specified header name and value could be added to the collection; otherwise false.
Remarks
This method performs header name validation, returning false for invalid names. Header names are enforced to be valid HTTP tokens, where a token is defined as any set of ASCII letters, digits, or symbols from the "!#$%&'*+-.^_`|~" set, matching RFC9110's definition. Non-ASCII characters aren't allowed in a header name.
This method doesn't perform any header value validation. Values added via this method are assumed to be trusted, and other application logic, such as HttpClient, might misbehave if they're not well formed.
Values added without validation might be observed when enumerating the collection or querying for the specific header name, even when the caller isn't using the NonValidated view of the collection.
Caution
This method must never be used with untrusted values, unless they were otherwise sufficiently validated.
What constitutes "sufficient" validation can vary by use case. At a minimum, prohibit newline characters for protocol correctness, for example, if (value.ContainsAny('\r', '\n', '\0')) throw .... This validation should ensure that the server application sees values in the same way as the client application, with the server now being responsible for properly sanitizing its own inputs.
To guard against attacks such as request smuggling, callers are highly encouraged to validate that these values don't contain newline characters.
