Inconsistent Accept-Encoding Request Header
in Chrome and Chromium (113.0.5672.85)
There is inconsistent behavior with the output generated by the Chrome/Chromium Developer Tools for cUrl and Powershell (Invoke-WebRequest).
I'm using httpbin.org/post as an example:
curl -X POST 'https://httpbin.org/post' \
-H 'Accept: application/json, text/plain, */*' \
-H 'Accept-Language: en-US,en;q=0.9,zh-CN;q=0.8,zh;q=0.7' \
-H 'Connection: keep-alive' \
-H 'Content-Type: application/json' \
-H 'Origin: https://share.getawair.com' \
-H 'Referer: https://share.getawair.com/' \
-H 'Sec-Fetch-Dest: empty' \
-H 'Sec-Fetch-Mode: cors' \
-H 'Sec-Fetch-Site: cross-site' \
-H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36' \
-H 'sec-ch-ua: "Chromium";v="112", "Google Chrome";v="112", "Not:A-Brand";v="99"' \
-H 'sec-ch-ua-mobile: ?0' \
-H 'sec-ch-ua-platform: "Windows"' \
--data-raw '{"something":"something_else"}' \
--compressed
Invoke-WebRequest -UseBasicParsing -Uri "https://httpbin.org/post" `
-Method "POST" `
-Headers @{
"Accept"="application/json, text/plain, */*"
"Accept-Encoding"="gzip, deflate, br"
"Accept-Language"="en-US,en;q=0.9"
"Origin"="https://share.getawair.com"
"Referer"="https://share.getawair.com/"
"Sec-Fetch-Dest"="empty"
"Sec-Fetch-Mode"="cors"
"Sec-Fetch-Site"="cross-site"
"sec-ch-ua"="`"Chromium`";v=`"112`", `"Google Chrome`";v=`"112`", `"Not:A-Brand`";v=`"99`""
"sec-ch-ua-mobile"="?0"
"sec-ch-ua-platform"="`"Windows`""
} `
-ContentType "application/json" `
-Body "{`"something`":`"something_else`"}"
The response back from Powershell has garbled response content:
At first, I thought it might be a Powershell encoding issue and tried to re-encode the content to UTF-8
, ASCII
, UTF-16
, and ISO-8859-1
to no avail.
Comparing the cUrl request vs the Invoke-WebRequest, you can see the differences exist in the Accept-Encoding
request header with "Accept-Encoding"="gzip, deflate, br"
The br
indicates Brotli compression. By removing this, I was able to get the same response as the cUrl
request. Hitting other APIs with Invoke-WebRequest and that request header value will yield the expected response.
Why do Chrome and Chromium generate the cUrl
request without Accept-Encoding
while Powershell Invoke-WebRequest
does? Firefox includes the 'Accept-Encoding: gzip, deflate, br'
request header.
curl 'https://httpbin.org/post' -X POST -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/109.0' -H 'Accept: application/json, text/plain, */*' -H 'Accept-Language: en-US,en;q=0.5' -H 'Accept-Encoding: gzip, deflate, br' -H 'Referer: https://share.getawair.com/' -H 'Content-Type: application/json' -H 'Origin: https://share.getawair.com' -H 'Connection: keep-alive' -H 'Sec-Fetch-Dest: empty' -H 'Sec-Fetch-Mode: cors' -H 'Sec-Fetch-Site: cross-site' -H 'x-ak-sbux-debug: x-ak-sbux-debug' --data-raw '{"something":"something_else"}'
I had to add the --compressed
flag to have it try to output the response and using version 7.68.0-1ubuntu2.18
:
curl: (23) Unrecognized content encoding type. libcurl understands deflate, gzip content encodings.
Supposedly Brotli compression is supported by cUrl, which seems to be available in the default build.