Menu
I’m writing a JS script that lives within a system which is now adding a custom XID header to all Ajax requests via jqXHR.setRequestHeader() in a function registered with jQuery.ajaxPrefilter().
In my script, I need to make an Ajax request to a third party site, whose Access-Control-Allow-Headers is not set up to allow this custom XID header.
It seems I have 3 options:
Option #1 is preferred, if there’s a simple way to do it, since it will be the cleanest and fastest route. Just can’t figure out how.
I have tried overriding it like this, but it didn’t work:
beforeSend: function(jqXHR, settings) { jqXHR.setRequestHeader('custom-xid-header', null); } Any ideas?
716
The dp:remove-http-request-header function removes a specific header field and its associated value from the protocol header of a client request. If the client request contains the header field that is identified by the name parameter, the function removes this header field from the client request.
setRequestHeader(header, value) Adds HTTP headers to the request. header: specifies the header name. value: specifies the header value.
The XMLHttpRequest method setRequestHeader() sets the value of an HTTP request header. When using setRequestHeader() , you must call it after calling open() , but before calling send() . If this method is called several times with the same header, the values are merged into one single request header.
Most of the jQuery Ajax methods return an XMLHttpRequest (or the equivalent) object, so you can just use abort() . See the documentation: abort Method (MSDN). Cancels the current HTTP request.
The headers are additional key-value pairs send along with ajax request using the XMLHttpRequest object. An asynchronous HTTP request to the server by using The ajax () function and by including the header it describes to the server what kind of response it accept.
Each time you call setRequestHeader () after the first time you call it, the specified text is appended to the end of the existing header's content. If no Accept header has been set using this, an Accept header with the type "*/*" is sent with the request when send () is called.
Jump to: The XMLHttpRequest method setRequestHeader() sets the value of an HTTP request header. When using setRequestHeader(), you must call it after calling open(), but before calling send(). If this method is called several times with the same header, the values are merged into one single request header.
To remove previously set headers in Express.js use the removeHeader () function. Removing an HTTP response header could possible help in few directions: to lower down the security risk of exposing sensitive information, and to speed-up your app/page loading time and besides this that is a positive signal for Google.
I realize this is an old thread, but it's still a problem! Hope the following will help resolve it for someone else as it has for us.
Setting a header to null/undefined/"" after it's been set does not remove it, it sends the header still but with either no value or "undefined" or "null". This is probably never what you want, and in our case, totally screws SSO when it's the Authorization header.
The solution we came up with relies on a mix of @marlar's suggestion (thanks) and another deficiency of jQuery: You can only have ONE beforeSend() hook, and any new hook replaces the previous one. It seems that this is also true if you supply a beforeSend() in a specific $.ajax() request - it will override any default one in $.ajaxSetup(). By doing so, you prevent the default hook from setting the header. (It's not 100% ideal because there may be other things done in the default beforeSend() that will then not happen, but hey).
So this copes with both static and dynamically set headers for a specific request:
if($.ajaxSettings && $.ajaxSettings.headers) { delete $.ajaxSettings.headers.Authorization; } $.ajax({ beforeSend: function() {}, // no op // ... }); You can't do the same for prefilter(), but I think beforeSend() is the far more common way of doing this anyway.
62
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
