0

Add X-Requested-With xmlhttprequest to AJAX request header

How do I add X-Requested-With xmlhttprequest to the AJAX request header? I've tried any but can't add this to the header for an http request using ajax, the request is cross-site. I use jQuery but I can also use XmlHttpRequest.

19th Jun 2021, 11:35 AM
Mick
Mick - avatar
12 Antworten
+ 2
with XMLHttptRequest object, use addRequestHeader("X-Fowarded-With", value) method ^^ https://developer.mozilla.org/en-US/docs/Web/API/XMLHttpRequest/setRequestHeader
19th Jun 2021, 12:39 PM
visph
visph - avatar
0
for cross domain request, you must configure server to allow that... header must contain: Access-Control-Allow-Origin=* Access-Control-Allow-Methods=GET, POST, PUT, OPTIONS Access-Control-Allow-Headers=Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token doesn't need to explicitly set X-Requested-With header on front side... (browser should set it according to the way used to make the request)... for specific cases, browser should first make an 'OPTIONS' request: you should check that the route (on server side) handling the targeted ressource accept this method in addition to the method accepted (ie: content-type json with post request, route should handle POST and OPTIONS)
19th Jun 2021, 11:49 AM
visph
visph - avatar
0
I need to set this parameter because otherwise the page to here I make AJAX request redirects me to the index, instead if I manually set (modifying the request with a proxy) this parameter the server replies with what I request
19th Jun 2021, 11:54 AM
Mick
Mick - avatar
0
you must have access to the server to change header parameters allowing cross site requests: you cannot use a proxy to bypass this security ;P
19th Jun 2021, 11:56 AM
visph
visph - avatar
0
Those who wrote the js code from which I extracted the code for the query did a weird game by modifying the jQuery.ajaxTransport () function inside the jQuery library, too bad I didn't understand how to replicate this without copying the whole file JS.
19th Jun 2021, 12:04 PM
Mick
Mick - avatar
0
If I delete X Requested With from the request (the one made from the original page) the server responds with the redirect
19th Jun 2021, 12:09 PM
Mick
Mick - avatar
0
If you're trying to "replicate" I guess the original code do not make a cross domain request, and the server do not allow requests from others domains... as you cannot do the request from the same domain, you cannot "replicate" the request ^^ ... and maybe there are more security checks (and probably obfuscation) to prevent cheating on a game server ;P
19th Jun 2021, 12:13 PM
visph
visph - avatar
0
CORS policy is not a problem, I have disabled it! lol How do you explain that the original JS code adds that parameter to the header when making an AJAX get request via jquery?
19th Jun 2021, 12:21 PM
Mick
Mick - avatar
0
because the request probably need an unusual value for it ^^
19th Jun 2021, 12:22 PM
visph
visph - avatar
0
no obfuscation, only 100000 lines of code in one file and no login and no cookies needed
19th Jun 2021, 12:22 PM
Mick
Mick - avatar
0
but can't I add this parameter before sending the request to the server?
19th Jun 2021, 12:31 PM
Mick
Mick - avatar
0
Ok thanks for answer
19th Jun 2021, 3:23 PM
Mick
Mick - avatar