Is it true that you cannot add/modified 307 header except Location? I'm trying to do that in Node.js and seems that newly added header 'X-Atlassian-Token': 'no-check' is not used by the client.
Somebody has asked the same question on Stackoverflow and one person replied -
Is it possible to set some http headers while http-redirect(302 or 307)?
"Actually, through Java objects, you can set request properties but not headers. I am looking for an answer to this myself. I believe this is a deliberate restriction to prevent faking authentication tokens and other information sent through the headers. I will post a solution if I find one."
Best How To :
Is it true that you cannot add/modified 307 header except Location?
No, it's not true. Running your code shows a response including both the specified status code and the extra headers:
HTTP/1.1 307 Temporary Redirect
Date: Sat, 06 Jun 2015 13:40:41 GMT
If that's not having the effect you expect, see this other answer to the same question:
You should also ensure that your response headers refer to that response rather than the resource that the client is being redirected to.
That is, the
X-Atlassian-Token: no-check header won't be carried across to the follow-up request (and, specifically, won't be sent by the client).