Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

Possibility to remove X-* headers for CORS request #88

merged 1 commit into from Dec 28, 2012


None yet
4 participants

victor-homyakov commented Dec 27, 2012

Ajax.Request#setRequestHeaders() unconditionally adds specific headers to any request.

This patch gives possibility to remove these headers in order to allow simple CORS request.

Based on Stack Overflow question and Ticket 1590

@savetheclocktower savetheclocktower added a commit that referenced this pull request Dec 28, 2012

@savetheclocktower savetheclocktower Merge pull request #88 from victor-homyakov/patch-32
Don’t send Ajax headers whose values are `null`.

This allows end users to opt out of `X-Requested-With` and `X-Prototype-Version` by explicitly setting them to `null`. (Use case: making a CORS Ajax request without a preflight request.)

@savetheclocktower savetheclocktower merged commit 4b9fe6f into sstephenson:master Dec 28, 2012

@victor-homyakov victor-homyakov deleted the victor-homyakov:patch-32 branch Nov 25, 2013

kstubs commented Oct 26, 2014

I'm running into this issue. The error I am receiving is: "Refused to get unsafe header "X-JSON". How can I solve this now? Is this code merged into main PrototypeJS branch or do I have to apply a patch? Is there any additional documentation for this?

Here's how I do this right now, but it's a big hammer for a little problem:

    Ajax.Response = Class.create(Ajax.Response, {
      _getHeaderJSON: Prototype.emptyFunction

Put that somewhere before you actually invoke a CORS Ajax request.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment