Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Is there any way to remove Ajax headers set by setRequestHeader()?

Tags:

I’m writing a JS script that lives within a system which is now adding a custom XID header to all Ajax requests via jqXHR.setRequestHeader() in a function registered with jQuery.ajaxPrefilter().

In my script, I need to make an Ajax request to a third party site, whose Access-Control-Allow-Headers is not set up to allow this custom XID header.

It seems I have 3 options:

  1. Find a way to remove that XID header in $.ajax()’s beforeSend function, which I have confirmed gets called after the ajaxPrefilter() function.
  2. Forgo using $.ajax() entirely and just write the Ajax stuff myself.
  3. Have $.ajax() point to the system’s backend which does accept the custom XID header, and perform the request to the third party site via cURL.

Option #1 is preferred, if there’s a simple way to do it, since it will be the cleanest and fastest route. Just can’t figure out how.

I have tried overriding it like this, but it didn’t work:

beforeSend: function(jqXHR, settings) {     jqXHR.setRequestHeader('custom-xid-header', null); } 

Any ideas?

like image 716
Brandon Kelly Avatar asked Aug 28 '13 14:08

Brandon Kelly


People also ask

How do I remove a header request?

The dp:remove-http-request-header function removes a specific header field and its associated value from the protocol header of a client request. If the client request contains the header field that is identified by the name parameter, the function removes this header field from the client request.

What is setRequestHeader ajax?

setRequestHeader(header, value) Adds HTTP headers to the request. header: specifies the header name. value: specifies the header value.

What is XHR setRequestHeader?

The XMLHttpRequest method setRequestHeader() sets the value of an HTTP request header. When using setRequestHeader() , you must call it after calling open() , but before calling send() . If this method is called several times with the same header, the values are merged into one single request header.

Which function is used to cancel the current request in ajax?

Most of the jQuery Ajax methods return an XMLHttpRequest (or the equivalent) object, so you can just use abort() . See the documentation: abort Method (MSDN). Cancels the current HTTP request.

What are the headers of Ajax request?

The headers are additional key-value pairs send along with ajax request using the XMLHttpRequest object. An asynchronous HTTP request to the server by using The ajax () function and by including the header it describes to the server what kind of response it accept.

How does setRequestHeader () work?

Each time you call setRequestHeader () after the first time you call it, the specified text is appended to the end of the existing header's content. If no Accept header has been set using this, an Accept header with the type "*/*" is sent with the request when send () is called.

How do I set the value of an HTTP request header?

Jump to: The XMLHttpRequest method setRequestHeader() sets the value of an HTTP request header. When using setRequestHeader(), you must call it after calling open(), but before calling send(). If this method is called several times with the same header, the values are merged into one single request header.

How to remove HTTP response headers in express JS?

To remove previously set headers in Express.js use the removeHeader () function. Removing an HTTP response header could possible help in few directions: to lower down the security risk of exposing sensitive information, and to speed-up your app/page loading time and besides this that is a positive signal for Google.


1 Answers

I realize this is an old thread, but it's still a problem! Hope the following will help resolve it for someone else as it has for us.

Setting a header to null/undefined/"" after it's been set does not remove it, it sends the header still but with either no value or "undefined" or "null". This is probably never what you want, and in our case, totally screws SSO when it's the Authorization header.

The solution we came up with relies on a mix of @marlar's suggestion (thanks) and another deficiency of jQuery: You can only have ONE beforeSend() hook, and any new hook replaces the previous one. It seems that this is also true if you supply a beforeSend() in a specific $.ajax() request - it will override any default one in $.ajaxSetup(). By doing so, you prevent the default hook from setting the header. (It's not 100% ideal because there may be other things done in the default beforeSend() that will then not happen, but hey).

So this copes with both static and dynamically set headers for a specific request:

if($.ajaxSettings && $.ajaxSettings.headers) {     delete $.ajaxSettings.headers.Authorization; } $.ajax({     beforeSend: function() {}, // no op     // ... }); 

You can't do the same for prefilter(), but I think beforeSend() is the far more common way of doing this anyway.

like image 62
randomsock Avatar answered Sep 28 '22 02:09

randomsock