Cross-Domain AJAX doesn’t send X-Requested-With header

by

If you are using jQuery to do your ajax request, it will not send the header X-Requested-With (HTTP_X_REQUESTED_WITH) = XMLHttpRequest, because it is cross domain. But there are 2 ways to fix this and send the header:

Option 1) Manually set the header in the ajax call: 

$.ajax({
     url: "http://your-url...",
 headers: {'X-Requested-With': 'XMLHttpRequest'}
});

Option 2) Tell jQuery not to use cross domain defaults, so it will keep the X-Requested-With header in the ajax request: 

$.ajax({
  url: "http://your-url...",
 crossDomain: false
});

But with this, the server must allow those headers, then the server needs to print those headers: 

print "Access-Control-Allow-Origin: *\n";
print "Access-Control-Allow-Headers: X-Requested-With, Content-Type\n";

The first line above will avoid the error “Origin is not allowed by Access-Control-Allow-Origin.”
The second line will avoid the error “Request header field X-Requested-With is not allowed by Access-Control-Allow-Headers.”

More Related Contents:

  1. Same origin Policy and CORS (Cross-origin resource sharing)
  2. What security risks exist when setting Access-Control-Allow-Origin to accept all domains?
  3. Enable CORS in Golang
  4. Origin is not allowed by Access-Control-Allow-Origin
  5. CORS: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true
  6. What’s the point of the X-Requested-With header?
  7. What is the motivation behind the introduction of preflight CORS requests?
  8. CORS error on same domain?
  9. CORS issue while making an Ajax request for oauth2 access token
  10. Understanding AJAX CORS and security considerations
  11. API Gateway CORS: no ‘Access-Control-Allow-Origin’ header
  12. How to enable cross-domain request on the server?
  13. Is CORS a secure way to do cross-domain AJAX requests?
  14. Access denied in IE 10 and 11 when ajax target is localhost
  15. Cross-Domain Requests with jQuery
  16. No ‘Access-Control-Allow-Origin’ header is present on the requested resource- AngularJS
  17. $http.get is not allowed by Access-Control-Allow-Origin but $.ajax is
  18. ‘No Transport’ Error w/ jQuery ajax call in IE
  19. Set-Cookie on Browser with Ajax Request via CORS
  20. Are different ports on the same server considered cross-domain? (Ajax-wise)
  21. Ajax Cross Domain Calls
  22. Ajax call bug with Chrome new version 73.0.3683.75?
  23. Using the HTTP Range Header with a range specifier other than bytes?
  24. Web sockets make ajax/CORS obsolete?
  25. Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at
  26. Cross-Origin Request Blocked
  27. No ‘Access-Control-Allow-Origin’ header is present on the requested resource. Origin ‘…’ is therefore not allowed access
  28. Getting “net::ERR_BLOCKED_BY_CLIENT” error on some AJAX calls
  29. Does Vue.JS work with AJAX http calls?
  30. List of events

Leave a Comment