Incorrect HttpRequest->isXMLHttpRequest value in apache 2.4

[pobidowski]

According to http://stackoverflow.com/questions/18185366/header-names-with-underscores-ignored-in-php-5-5-1-apache-2-4-6 header "X_REQUESTED_HTTP" in Apache 2.4 is not available in $_SERVER variable. Therefore, the isXMLHttpRequest method from \Zend\Http\Request returns false which is incorrect value.

[Ocramius]

@pobidowski is there any replacement for it?

[pobidowski]

@Ocramius Yes, php function "apache_request_headers();" contains value of this header under key "X_REQUESTED_HTTP"

[Martin-P]

header "X_REQUESTED_HTTP" in Apache 2.4 is not available in $_SERVER variable

Zend\Http\Request does not use X_REQUESTED_HTTP. It uses X_REQUESTED_WITH, see file. Furthermore I use Apache 2.4.4 here and all works fine when I check if a request is an XMLHttpRequest:

if ($this->getRequest()->isXmlHttpRequest()) {
    // do stuff
}

To make sure this is not because of mod_access_compat module, I deactivated that module and restarted Apache. Still everything works fine.

[pobidowski]

Sorry, I mean "X_REQUESTED_WITH". I have Apache 2.4.6 (only mod_rewrite enabled) and it does not work properly.

[Martin-P]

I did some testing with Apache 2.4.9 and think this info can be useful.

The feature that is mentioned in the topic on Stack Overflow is about custom headers and does not seem to affect X_REQUESTED_WITH. When using apache_request_headers(), the header name is not uppercase X_REQUESTED_WITH with underscores, but mixed case: X-Requested-With with dashes. If it is really all uppercase with underscores in your situation this is also an inconsistancy.

$_SERVER variable

• When using a custom header with name CUSTOM-HEADER-WITH-DASHES, the header can be found under HTTP_CUSTOM_HEADER_WITH_DASHES
• When using a custom header with name CUSTOM_HEADER_WITH_UNDERSCORES it gets dropped, because of the underscores
• Key HTTP_X_REQUESTED_WITH contains the value XMLHttpRequest

apache_request_headers()

• When using a custom header with name CUSTOM-HEADER-WITH-DASHES, the header can be found under the exact same name: CUSTOM-HEADER-WITH-DASHES
• When using a custom header with name CUSTOM_HEADER_WITH_UNDERSCORES, the header can be found under the exact same name: CUSTOM_HEADER_WITH_UNDERSCORES.
• Key X-Requested-With contains the value XMLHttpRequest

Test script:

<?php
if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) and 'XMLHttpRequest' == $_SERVER['HTTP_X_REQUESTED_WITH']) {
    var_dump($_SERVER);
    echo '<hr />';
    var_dump(apache_request_headers());
    exit;
}
?>
<!doctype html>

<html lang="en">
  <head>
    <meta charset="UTF-8" />
    <title>Apache ENV test</title>
    <script src="http://code.jquery.com/jquery-latest.min.js"></script>
    <script>
    //<![CDATA[
    $(function () {
        $('button').click(function () {
            $.ajax({
                type      : 'GET',
                url       :  '<?php echo htmlspecialchars($_SERVER['REQUEST_URI']); ?>',
                beforeSend: function (xhr) {
                    xhr.setRequestHeader('CUSTOM-HEADER-WITH-DASHES', 'Value for header with dashes');
                    xhr.setRequestHeader('CUSTOM_HEADER_WITH_UNDERSCORES', 'Value for header with underscores');
                },
                success   : function(data) {
                    $('#ajax-result').html(data);
                }
            });
        });
    });
    //]]>
    </script>
  </head>

  <body>
    <button>Click me!</button>
    <hr />
    <div id="ajax-result"></div>
  </body>
</html>

[pobidowski]

Thanks for Your explanation. It seems that I send this header with wrong name (uppercase with underscore version). It works fine until I have tested it on Apache 2.4.6.

[GeeH]

This issue has been closed as part of the bug migration program as outlined here - http://framework.zend.com/blog/2016-04-11-issue-closures.html