17

When should we use headers in the HttpRequestMessage object over headers in the HttpClient ??

We have need to add Authorization (always changing) and few custom headers (always changing )

Questions

  1. Which is the preferred method ?

  2. Should i be adding common headers (same across all the requests) to the HttpClient and request based headers to the HttpRequestMessage object ??

       //HttpRequestMessage Code
    HttpRequestMessage reqmsg =new HttpRequestMessage();
    reqmsg.Headers.Authorization =new AuthenticationHeaderValue("some scheme");
    reqmsg.Headers.Add("name","value");

    //HttpClient Code
    HttpClient client =new HttpClient();
    client.DefaultRequestHeaders.Authorization =new AuthenticationHeaderValue("some scheme");
    client.DefaultRequestHeaders.Add("name", "value");
nen
  • 345
  • 1
  • 3
  • 14
  • Perhaps a nitpick, but the current thinking seems to be to instantiate HttpClient as a singleton, not as a short-lived object (in which case, don't forget to Dispose/use 'using'). – Max Barraclough Jul 23 '18 at 11:01
  • @MaxBarraclough It would seem that the general consensus now is **_not_ to wrap HttpClient in a using block** as it will leak connections instead of just recycling the HttpClient. Please see some of the comments in these SO questions: [Question-1](https://stackoverflow.com/questions/14627399/setting-authorization-header-of-httpclient) and [Question-2](https://stackoverflow.com/questions/29801195/adding-headers-when-using-httpclient-getasync/40707446#40707446) – Anthony Walsh Mar 16 '19 at 19:14
  • 1
    @AnthonyWalsh This article agrees with you: seems my first suggestion was good, but not my second one: https://aspnetmonsters.com/2016/08/2016-08-27-httpclientwrong/ – Max Barraclough Mar 28 '19 at 21:45

1 Answers1

21
  1. Which is the preferred method ? Should i be adding common headers (same across all the requests) to the HttpClient
  2. and request based headers to the HttpRequestMessage object ??

Your questions are auto-answered themselves.

DefaultRequestHeaders are ones that will be part of any request, which is a plus because you'll be able to avoid repeating yourself adding some headers one over again. In the other hand, HttpRequestMessage.Headers will be only part of that request.

When should you use one over the other? I'm going to use two examples:

  • I need to send an OAuth bearer token as part of every request so I set the Authorization header in the HttpClient.DefaultRequestHeaders, and if I need to refresh the token, I just need to set it again there.

  • I need to send an entity serialized as JSON or XML depending on some condition. That is, I'll set the Content-type header in a per-request basis.

Matías Fidemraizer
  • 59,064
  • 16
  • 107
  • 181
  • "and if I need to refresh the token, I just need to set it again there." I don't think changing `DefaultRequestHeaders` is thread safe... – Aldracor May 02 '19 at 13:46
  • @Aldracor you are correct in that DefaultRequestHeaders isn't thread safe. Recommended practice is to use a static instance of HttpClient for the entire app. Never use DefaultRequestHeaders or BaseAddress, always use HttpRequestMessage. – Larry Smith May 16 '19 at 23:23