Bug Tracker

Opened 11 years ago

Last modified 11 years ago

#8318 closed bug

Incorrect headers are sent when performing cross-domain ajax request — at Initial Version

Reported by: anonymous Owned by:
Priority: low Milestone: 1.next
Component: ajax Version: 1.5
Keywords: Cc:
Blocked by: Blocking:


When I perform cross-domain ajax request: $.ajax({

url:'http://fbtest/cross.php', crossDomain:true, data:{


}, type:'POST', dataType:'json', success:function(data, textStatus, jqXHR) {



}); Script that sends response is: <?php header('Access-Control-Allow-Origin: *'); echo file_get_contents('cross.json');

cross.json is: {

"name": "konst"


When I do GET request, everything is fine. When I do POST, request is not sent and in chrome it says: XMLHttpRequest cannot load http://fbtest/cross.php. Request header field x-requested-with is not allowed by Access-Control-Allow-Headers.

I've tracked down the code and found these lines in development version of jquery 1.5: Requested-With header Not set for crossDomain requests with no content (see why at http://trac.dojotoolkit.org/ticket/9486) Won't change header if already provided if ( !( s.crossDomain && !s.hasContent ) && !headersx-requested-with? ) {

headers[ "x-requested-with" ] = "XMLHttpRequest";


So you've got it right - you should NOT set x-requested-with header for cross-domain request. However you do. When I comment out this logic, it works fine. I think there is something wrong with checks you do.

Change History (0)

Note: See TracTickets for help on using tickets.