From 5e69d07c155b809d9c331380f9e7889c22322d76 Mon Sep 17 00:00:00 2001
From: Max Hilbrunner <mhilbrunner@users.noreply.github.com>
Date: Sat, 14 Apr 2018 16:42:36 +0200
Subject: [PATCH] Merge pull request #1363 from mhilbrunner/http-headers

HTTPRequest: Add HTTP header example, notes about SSL and tokens
---
 tutorials/networking/http_request_class.rst | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/tutorials/networking/http_request_class.rst b/tutorials/networking/http_request_class.rst
index 8932f6337..dbf3dd590 100644
--- a/tutorials/networking/http_request_class.rst
+++ b/tutorials/networking/http_request_class.rst
@@ -43,6 +43,18 @@ For more information on parsing JSON, see the class references for :ref:`JSON <c
 
 Note that you may want to check whether the ``result`` equals ``RESULT_SUCCESS`` and whether a JSON parsing error occurred, see the JSON class reference and :ref:`HTTPRequest <class_HTTPRequest>` for more.
 
+Of course, you can also set custom HTTP headers. These are given as a string array, with each string containing a header in the format ``"header: value"``.
+For example, to set a custom user agent (the HTTP ``user-agent`` header) you could use the following:
+
+::
+
+    $HTTPRequest.request("http://www.mocky.io/v2/5185415ba171ea3a00704eed", ["user-agent: YourCustomUserAgent"])
+
+Please note that for SSL/TLS encryption and thus HTTPS URLs to work you may need to take some steps as described :ref:`here <doc_ssl_certificates>`.
+
+Also, when calling APIs using authorization, be aware that someone might analyse and decompile your released application and thus may gain access to any embedded authorization information like tokens, usernames or passwords.
+That means it is usually not a good idea to embed things such as database access credentials inside your game. Avoid providing information useful to an attacker whenever possible.
+
 Sending data to server
 ----------------------