Custom Headers
The mx-headers attribute allows you to add custom HTTP headers to your Trongate MX requests. This feature is particularly useful when you need to send additional information to your server endpoints, such as authentication tokens, API keys, or custom metadata.
Basic Usage
The mx-headers attribute accepts a JSON object containing key-value pairs that represent your custom headers. Each key-value pair will be sent as an HTTP header with your request.
Here's a basic example using Trongate's form_button() helper function:
And here's the equivalent using pure HTML:
The example above is for illustration purposes only. Never hardcode security tokens or API keys directly into HTML source code. These credentials would be visible in the page source and could pose significant security risks.
Cleaner Syntax for Advanced Use
To avoid syntax errors and improve maintainability when working with multiple headers, you can combine Trongate's form_button() function with PHP's json_encode():
This approach uses PHP's json_encode() function to ensure properly formatted JSON for the mx-headers attribute while keeping the code maintainable.
For those who prefer to work primarily with HTML, here's an alternative syntax:
Important Technical Considerations
- The mx-headers value must be valid JSON - malformed JSON will cause the request to fail
- When using HTML attributes directly, use single quotes around the attribute value since JSON requires double quotes for properties
- Header names are case-insensitive according to the HTTP specification, but conventionally written in Title-Case
- Some headers (like Content-Length) are automatically managed by browsers and cannot be set via JavaScript
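The considerations above can be checked mechanically before an mx-headers value ships in a template. The following is an added example, not Trongate MX code: checkMxHeaders(), the forbidden-header subset, the credential watch list and the sample header names are assumptions made for illustration.

```javascript
// Added example: lint an mx-headers value. checkMxHeaders() is hypothetical, not Trongate MX API.
const FORBIDDEN = new Set([ // subset of the Fetch standard's forbidden request headers
  'content-length', 'host', 'cookie', 'origin', 'referer', 'connection',
  'transfer-encoding', 'date', 'expect', 'upgrade', 'via',
]);
const TOKEN = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/; // HTTP field-name (token) grammar
const CREDENTIAL = /^(authorization|x-api-key)$/i; // assumed watch list

function checkMxHeaders(attrValue) {
  let parsed;
  try {
    parsed = JSON.parse(attrValue);
  } catch (err) {
    return ['malformed JSON: ' + err.message];
  }
  if (parsed === null || typeof parsed !== 'object' || Array.isArray(parsed)) {
    return ['value must be a JSON object of header name/value pairs'];
  }
  const findings = [];
  for (const [name, value] of Object.entries(parsed)) {
    const lower = name.toLowerCase();
    if (!TOKEN.test(name)) findings.push(`${name}: not a valid header name`);
    if (FORBIDDEN.has(lower) || lower.startsWith('sec-') || lower.startsWith('proxy-')) {
      findings.push(`${name}: managed by the browser, cannot be set from script`);
    }
    if (typeof value !== 'string') {
      findings.push(`${name}: value should be a string`);
    } else if (/[\r\n\0]/.test(value)) {
      findings.push(`${name}: value contains CR, LF or NUL`);
    }
    if (CREDENTIAL.test(name)) {
      findings.push(`${name}: credential in markup is visible in page source`);
    }
  }
  return findings;
}

// Constructed sample attribute values, as they would appear inside mx-headers='...'
const samples = [
  '{"X-Request-ID": "req-0001", "Accept-Version": "v2"}',
  "{'X-Request-ID': 'req-0001'}",
  '{"Content-Length": "10"}',
  '{"Authorization": "Bearer PLACEHOLDER"}',
];
for (const s of samples) console.log(s, '=>', checkMxHeaders(s));
```

An empty array means the value passed every check; each string in a non-empty result names the header and the rule it broke.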
Common Use Cases
1. Authentication Headers
Authentication is a primary use case for custom headers. Here's a secure implementation using the form_button() function:
Authentication Best Practices:
- Use Bearer authentication for JWTs and OAuth 2.0 access tokens
- Implement CSRF protection for POST requests
- Store tokens securely (e.g., in HTTP-only cookies for session tokens)
- Use short-lived tokens and implement proper token rotation
2. API Version Headers
Version headers help manage API compatibility:
3. Request Tracking Headers
Custom headers can help with request tracking and debugging:
Security Considerations
Critical Security Guidelines:
- Always use HTTPS for requests containing sensitive headers
- Validate and sanitize all header values on both client and server sides
- Store sensitive tokens securely
- Implement rate limiting on endpoints that accept custom headers
Conclusion
The mx-headers attribute provides a flexible way to include custom HTTP headers in your Trongate MX requests. When implemented with proper security considerations, it enables robust authentication, versioning, and request tracking capabilities in your applications.