Bug Tracker

Opened 11 years ago

Last modified 11 years ago

#8318 closed bug

Incorrect headers are sent when performing cross-domain ajax request — at Version 1

Reported by: anonymous Owned by:
Priority: low Milestone: 1.next
Component: ajax Version: 1.5
Keywords: Cc:
Blocked by: Blocking:

Description (last modified by jitter)

When I perform cross-domain ajax request:

$.ajax({
    url:'http://fbtest/cross.php',
    crossDomain:true,
    data:{
        a:5
    },
    type:'POST',
    dataType:'json',
    success:function(data, textStatus, jqXHR) {
        alert(data.name);
    }
});

Script that sends response is:

<?php
header('Access-Control-Allow-Origin: *');
echo file_get_contents('cross.json');

cross.json is:

{
    "name": "konst"
}

When I do GET request, everything is fine. When I do POST, request is not sent and in chrome it says:

XMLHttpRequest cannot load http://fbtest/cross.php. Request header field x-requested-with is not allowed by Access-Control-Allow-Headers.

I've tracked down the code and found these lines in development version of jquery 1.5:

// Requested-With header
// Not set for crossDomain requests with no content
// (see why at http://trac.dojotoolkit.org/ticket/9486)
// Won't change header if already provided
if ( !( s.crossDomain && !s.hasContent ) && !headers["x-requested-with"] ) {
	headers[ "x-requested-with" ] = "XMLHttpRequest";
}

So you've got it right - you should NOT set x-requested-with header for cross-domain request. However you do. When I comment out this logic, it works fine. I think there is something wrong with checks you do.

Change History (1)

comment:1 Changed 11 years ago by jitter

Component: unfiledajax
Description: modified (diff)
Priority: undecidedlow
Note: See TracTickets for help on using tickets.