mirror of
https://github.com/bigskysoftware/htmx.git
synced 2025-09-30 06:21:19 +00:00
1e844f67c3
* Update hx-headers.md Add an example of evaluated values passed to hx-headers. * Follow the example in hx-vals.
1.3 KiB
1.3 KiB
+++ title = "hx-headers" +++
The hx-headers attribute allows you to add to the headers that will be submitted with an AJAX request.
By default, the value of this attribute is a list of name-expression values in JSON (JavaScript Object Notation) format.
If you wish for hx-headers to evaluate the values given, you can prefix the values with javascript: or js:.
<div hx-get="/example" hx-headers='{"myHeader": "My Value"}'>Get Some HTML, Including A Custom Header in the Request</div>
<div hx-get="/example" hx-headers='js:{myVal: calculateValue()}'>Get Some HTML, Including a Dynamic Custom Header from Javascript in the Request</div>
Security Considerations
- By default, the value of
hx-headersmust be valid JSON. It is not dynamically computed. If you use thejavascript:prefix, be aware that you are introducing security considerations, especially when dealing with user input such as query strings or user-generated content, which could introduce a Cross-Site Scripting (XSS) vulnerability.
Notes
hx-headersis inherited and can be placed on a parent element.- A child declaration of a header overrides a parent declaration.