0
Add X-Requested-With xmlhttprequest to AJAX request header
How do I add X-Requested-With xmlhttprequest to the AJAX request header? I've tried any but can't add this to the header for an http request using ajax, the request is cross-site. I use jQuery but I can also use XmlHttpRequest.
12 Respostas
+ 2
with XMLHttptRequest object, use addRequestHeader("X-Fowarded-With", value) method ^^
https://developer.mozilla.org/en-US/docs/Web/API/XMLHttpRequest/setRequestHeader
0
for cross domain request, you must configure server to allow that... header must contain:
Access-Control-Allow-Origin=*
Access-Control-Allow-Methods=GET, POST, PUT, OPTIONS
Access-Control-Allow-Headers=Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token
doesn't need to explicitly set X-Requested-With header on front side... (browser should set it according to the way used to make the request)...
for specific cases, browser should first make an 'OPTIONS' request: you should check that the route (on server side) handling the targeted ressource accept this method in addition to the method accepted (ie: content-type json with post request, route should handle POST and OPTIONS)
0
I need to set this parameter because otherwise the page to here I make AJAX request redirects me to the index, instead if I manually set (modifying the request with a proxy) this parameter the server replies with what I request
0
you must have access to the server to change header parameters allowing cross site requests: you cannot use a proxy to bypass this security ;P
0
Those who wrote the js code from which I extracted the code for the query did a weird game by modifying the jQuery.ajaxTransport () function inside the jQuery library, too bad I didn't understand how to replicate this without copying the whole file JS.
0
If I delete X Requested With from the request (the one made from the original page) the server responds with the redirect
0
If you're trying to "replicate" I guess the original code do not make a cross domain request, and the server do not allow requests from others domains... as you cannot do the request from the same domain, you cannot "replicate" the request ^^
... and maybe there are more security checks (and probably obfuscation) to prevent cheating on a game server ;P
0
CORS policy is not a problem, I have disabled it! lol How do you explain that the original JS code adds that parameter to the header when making an AJAX get request via jquery?
0
because the request probably need an unusual value for it ^^
0
no obfuscation, only 100000 lines of code in one file and no login and no cookies needed
0
but can't I add this parameter before sending the request to the server?
0
Ok thanks for answer