I wanted to know if anyone has had experience with trying to remove the 'X-Requested-With' header from the Ajax request made by jQuery (or plain JS). Is it possible?
2nd part: do you know if Grease Monkey's ajax requests set this header?
Thanks
header looks like this:
X-Requested-With XMLHttpRequest
The X-Requested-With is a request header that a user agent may use to store information about the creation of the request such as client information, method used. Note that the X-Requested-With cannot be added to a cross domain request without the consent of the server via CORS.
The headers are additional key-value pairs sent along with an Ajax request using the XMLHttpRequest object. The ajax() function makes an asynchronous HTTP request to the server, and by including the header it describes to the server what kind of response it accepts.
XMLHttpRequest provides an abort() method to cancel the sent request to the server. XMLHttpRequest.abort() method: This method is used to abort or cancel the HTTP request. It will change the readyState of the request to 0, which means the state is not being initialized and the request will not be processed further.
post() methods provide simple tools to send and retrieve data asynchronously from a web server. Both the methods are pretty much identical, apart from one major difference: $.get() makes Ajax requests using the HTTP GET method, whereas $.post() makes Ajax requests using the HTTP POST method.
The solution for removing the header in jQuery proposed by @vamp is on the right track, but as others have stated it will still result in an empty X-Requested-With header being sent.
The beforeSend callback receives jQuery's XHR object (jqXHR), rather than the actual XMLHttpRequest object (xhr), which is not even instantiated until after beforeSend is called.
The setRequestHeader method in jqXHR adds headers to an object, which is then iterated later using the xhr method of the same name, just after adding the X-Requested-With entry to the headers object.
Here's the part in jQuery where this is happening:
if ( !options.crossDomain && !headers["X-Requested-With"] ) {
    headers["X-Requested-With"] = "XMLHttpRequest";
}
for ( i in headers ) {
    xhr.setRequestHeader( i, headers[ i ] );
}
Which leads to the problem: If you don't specify the X-Requested-With header, then jQuery will (unless the crossDomain setting evaluates false, but that may not be the desired solution). It then immediately sets the xhr headers, which can not be unset.
To prevent sending the X-Requested-With header with jQuery.ajax:
jQuery.ajax provides a setting, xhr, which overrides jQuery's built-in factory method for creating the XMLHttpRequest object. By wrapping this factory method, and then wrapping the browser's native setRequestHeader method, the call from jQuery to set the X-Requested-With header can be ignored.
jQuery.ajax({
    url: yourAjaxUrl,
    // 'xhr' option overrides jQuery's default
    // factory for the XMLHttpRequest object.
    // Use either in global settings or individual call as shown here.
    xhr: function() {
        // Get new xhr object using default factory
        var xhr = jQuery.ajaxSettings.xhr();
        // Copy the browser's native setRequestHeader method
        var setRequestHeader = xhr.setRequestHeader;
        // Replace with a wrapper
        xhr.setRequestHeader = function(name, value) {
            // Ignore the X-Requested-With header
            if (name == 'X-Requested-With') return;
            // Otherwise call the native setRequestHeader method
            // Note: setRequestHeader requires its 'this' to be the xhr object,
            // which is what 'this' is here when executed.
            setRequestHeader.call(this, name, value);
        };
        // pass it on to jQuery
        return xhr;
    },
    success: function(data, textStatus, jqXHR) {
        // response from request without X-Requested-With header!
    }
    // etc...
});
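Why not? Try:
// Accept jQuery as $ so the wrapper works even when $ is not the global alias.
(function($){
    $.ajaxSettings.beforeSend = function(xhr){
        // The object is truthy but stringifies to an empty value.
        xhr.setRequestHeader('X-Requested-With', {toString: function(){ return ''; }});
    };
})(jQuery);
Good luck!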
"2nd part: do you know if Grease Monkey's ajax requests set this header?"
No, Greasemonkey's GM_xmlhttpRequest() does not set this header (although you can certainly add it).
The default request issued by GM_xmlhttpRequest() looks just like a normal browser request.
For example:
GM_xmlhttpRequest({
    method: "GET",
    url: "http://google.com/",
    onload: function(response) { alert(response.responseText); }
});
Looks like this to my packet sniffer:
GET / HTTP/1.1
Request Method: GET
Request URI: /
Request Version: HTTP/1.1
Host: google.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: UTF-8,*
Keep-Alive: 115
Connection: keep-alive
Cookie: blah, blah, blah, blah, blah...
To do this with jQuery, set your request as cross-domain. Example:
server.php
<?='<pre>'.print_r($_SERVER,1);?>
client.js
$.ajax({
    url: 'server.php',
    crossDomain: true
// .done() replaces the jqXHR.success() callback, which was removed in jQuery 3.0
}).done(function(r){ document.write(r); });
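The four behaviours described in the answers above (jQuery's default, the beforeSend toString trick, the wrapped xhr factory, and crossDomain: true), side by side as an added example that is not part of any answer or of jQuery itself. RecordingXhr and modelSend are constructed stand-ins that model only the jQuery snippet quoted on this page, so the comparison runs without a browser.

```javascript
// Constructed stand-in for XMLHttpRequest: records what would go on the wire.
class RecordingXhr {
  constructor() { this.sent = {}; }
  setRequestHeader(name, value) { this.sent[name] = String(value); }
}

// Model of the jQuery send step quoted above (an assumption-level sketch,
// not jQuery's real code path). `settings` mirrors the jQuery.ajax options.
function modelSend(settings = {}) {
  const headers = {};
  // jqXHR.setRequestHeader only stores into the headers object.
  const jqXHR = { setRequestHeader(n, v) { headers[n] = v; } };
  if (settings.beforeSend) settings.beforeSend(jqXHR);
  // The real XHR is created after beforeSend, via the `xhr` factory option.
  const xhr = settings.xhr ? settings.xhr() : new RecordingXhr();
  if (!settings.crossDomain && !headers["X-Requested-With"]) {
    headers["X-Requested-With"] = "XMLHttpRequest";
  }
  for (const name in headers) xhr.setRequestHeader(name, headers[name]);
  return xhr.sent;
}

// 1. beforeSend with an object whose toString() returns '': it is truthy, so
//    the default is not applied, but it still goes out as an empty header.
const emptyHeaderTrick = {
  beforeSend(jq) {
    jq.setRequestHeader("X-Requested-With", { toString: () => "" });
  },
};

// 2. Wrapped factory: drop the header at the native setRequestHeader call.
const wrappedFactory = {
  xhr() {
    const xhr = new RecordingXhr();
    const native = xhr.setRequestHeader;
    xhr.setRequestHeader = function (name, value) {
      if (name === "X-Requested-With") return;
      native.call(this, name, value);
    };
    return xhr;
  },
};

function compareApproaches() {
  return {
    default: modelSend(),
    emptyHeaderTrick: modelSend(emptyHeaderTrick),
    wrappedFactory: modelSend(wrappedFactory),
    crossDomain: modelSend({ crossDomain: true }),
  };
}
console.log(compareApproaches());
```

Every variant is a client-side choice, so a server sees X-Requested-With only when the client decides to send it.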