Opened 6 years ago

Closed 6 years ago

#9486 closed defect (fixed)

Setting "X-Requested-With" header causes preflight request in CS-XHR

Reported by: kzyp
Owned by: jburke
Priority: high
Milestone: 1.4
Component: IO
Version: 1.3.0
Keywords:
Cc:
Blocked by:
Blocking:

Description

Setting the "X-Requested-With" header in xhr.js causes cross-site XHR requests to force preflight requests when none should be necessary with simple GET requests (this is the changeset that causes this bug http://bugs.dojotoolkit.org/changeset/12674).

Attachments (1)

xhr-requested-with-option.diff (569 bytes) - added by kzyp 6 years ago.
At the very least make it possible to disable the "X-Requested-With" header


Change History (4)

Changed 6 years ago by kzyp

At the very least make it possible to disable the "X-Requested-With" header

comment:1 Changed 6 years ago by jburke

What about a dojo.config.xRequestedWith = "some string" or empty string means that it should not be added? Similarly, change the for(var hdr in args.headers) block to skip args.headers that had empty string values. That way there is a global and a per-request override. How does that sound?

comment:2 Changed 6 years ago by kzyp

That's fine too, I suggested the XHR arg because that makes it possible for the xhrPlugins module that knows that a cross-site XHR request is being made to automatically omit this header. Probably whatever can be done with the fewest bytes would be best, but whatever is fine.

comment:3 Changed 6 years ago by jburke

  • Resolution set to fixed
  • Status changed from new to closed

Fixed in [20403]: "enable not sending X-Requested-With by setting that header value to an empty string on a per-request basis. "
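
The behaviour discussed in this ticket, as an added example that is not Dojo's code and not part of the original ticket: a simplified check of the CORS safelist rules shows why the default header forces a preflight and why skipping empty-string headers avoids it. The names `buildHeaders` and `needsPreflight` are hypothetical, and the default header value `XMLHttpRequest` is an assumption.

```javascript
// CORS-safelisted methods and request headers. Simplified: the length and
// byte restrictions on safelisted header values are not modelled.
const SAFE_METHODS = new Set(["GET", "HEAD", "POST"]);
const SAFE_HEADERS = new Set(["accept", "accept-language", "content-language", "content-type"]);
const SAFE_CONTENT_TYPES = new Set([
  "application/x-www-form-urlencoded", "multipart/form-data", "text/plain",
]);

// Hypothetical helper: start from the default header (value assumed) and apply
// per-request headers, dropping any header whose value is the empty string.
function buildHeaders(args) {
  const headers = { "X-Requested-With": "XMLHttpRequest" };
  for (const [name, value] of Object.entries(args.headers || {})) {
    // Header names are case-insensitive, so remove any existing spelling first.
    for (const existing of Object.keys(headers)) {
      if (existing.toLowerCase() === name.toLowerCase()) delete headers[existing];
    }
    if (value !== "") headers[name] = value;
  }
  return headers;
}

// True when a cross-origin request with this method and these author-set
// headers would be preceded by an OPTIONS preflight.
function needsPreflight(method, headers) {
  if (!SAFE_METHODS.has(method.toUpperCase())) return true;
  for (const [name, value] of Object.entries(headers)) {
    const lower = name.toLowerCase();
    if (!SAFE_HEADERS.has(lower)) return true;
    if (lower === "content-type") {
      const mime = value.split(";")[0].trim().toLowerCase();
      if (!SAFE_CONTENT_TYPES.has(mime)) return true;
    }
  }
  return false;
}

// Constructed sample requests.
const withDefault = buildHeaders({});
const optedOut = buildHeaders({ headers: { "X-Requested-With": "" } });
console.log("default GET preflight:", needsPreflight("GET", withDefault));
console.log("opted-out GET preflight:", needsPreflight("GET", optedOut));
```
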
