Opened 12 years ago

Closed 11 years ago

#9486 closed defect (fixed)

Setting "X-Requested-With" header causes preflight request in CS-XHR

Reported by: Kris Zyp Owned by: James Burke
Priority: high Milestone: 1.4
Component: IO Version: 1.3.0
Keywords: Cc:
Blocked By: Blocking:


Setting the "X-Requested-With" header in xhr.js causes cross-site XHR requests to force preflight requests when none should be necessary with simple GET requests (this is the changeset that causes this bug

Attachments (1)

xhr-requested-with-option.diff (569 bytes) - added by Kris Zyp 12 years ago.
At the very least make it possible to disable the "X-Requested-With" header

Download all attachments as: .zip

Change History (4)

Changed 12 years ago by Kris Zyp

At the very least make it possible to disable the "X-Requested-With" header

comment:1 Changed 12 years ago by James Burke

What about a dojo.config.xRequestedWith = "some string" or empty string means that it should not be added? Similarly, change the for(var hdr in args.headers) block to skip args.headers that had empty string values. That way there is a global and a per-request override. How does that sound?

comment:2 Changed 12 years ago by Kris Zyp

Thats fine too, I suggested the XHR arg because that makes it possible for the xhrPlugins module that knows that a cross-site XHR request is being made to automatically omit this header. Probably whatever can be done with the fewest bytes would be best, but whatever is fine.

comment:3 Changed 11 years ago by James Burke

Resolution: fixed
Status: newclosed

Fixed in [20403]: "enable not sending X-Requested-With by setting that header value to an empty string on a per-request basis. "

Note: See TracTickets for help on using tickets.