Bug Tracker

Opened 10 years ago

Closed 10 years ago

#4858 closed bug (duplicate)

Access control behaves differently with custom headers set - and jQ sets a custom header

Reported by: kesor Owned by:
Priority: major Milestone: 1.4
Component: ajax Version: 1.3.2
Keywords: Cc:
Blocked by: Blocking:

Description

According to the specs for Access-Control, using a 'POST' to a cross-domain should not trigger an OPTIONS pre-flight. Unless there are non-standard headers that is.

http://www.w3.org/TR/2007/WD-access-control-20071126/ https://developer.mozilla.org/en/HTTP_access_control

These two lines in jquery.js set a custom header, and cause a preflight OPTIONS request:

Set header so the called script knows that it's an XMLHttpRequest xhr.setRequestHeader("X-Requested-With", "XMLHttpRequest");

Would be great if it could be either disabled by default for cross-domain requests, or removed completely, or made optional with a provided switch to toggle it on and off.

Same bug in Dojo: http://trac.dojotoolkit.org/ticket/9486

Change History (1)

comment:1 Changed 10 years ago by john

Resolution: duplicate
Status: newclosed

Duplicate of #4601.

Note: See TracTickets for help on using tickets.