Disable the X-Requested-With header to avoid preflighting remote POST requests. Fixes #4601.
This commit is contained in:
parent
0f6e9a8c69
commit
a7678267d8
1 changed files with 7 additions and 5 deletions
12
src/ajax.js
12
src/ajax.js
|
@ -275,13 +275,12 @@ jQuery.extend({
|
|||
}
|
||||
|
||||
// Matches an absolute URL, and saves the domain
|
||||
var parts = rurl.exec( s.url );
|
||||
var parts = rurl.exec( s.url ),
|
||||
remote = parts && (parts[1] && parts[1] !== location.protocol || parts[2] !== location.host);
|
||||
|
||||
// If we're requesting a remote document
|
||||
// and trying to load JSON or Script with a GET
|
||||
if ( s.dataType === "script" && type === "GET" && parts
|
||||
&& ( parts[1] && parts[1] !== location.protocol || parts[2] !== location.host )) {
|
||||
|
||||
if ( s.dataType === "script" && type === "GET" && remote ) {
|
||||
var head = document.getElementsByTagName("head")[0] || document.documentElement;
|
||||
var script = document.createElement("script");
|
||||
script.src = s.url;
|
||||
|
@ -350,7 +349,10 @@ jQuery.extend({
|
|||
}
|
||||
|
||||
// Set header so the called script knows that it's an XMLHttpRequest
|
||||
xhr.setRequestHeader("X-Requested-With", "XMLHttpRequest");
|
||||
// Only send the header if it's not a remote XHR
|
||||
if ( !remote ) {
|
||||
xhr.setRequestHeader("X-Requested-With", "XMLHttpRequest");
|
||||
}
|
||||
|
||||
// Set the Accepts header for the server, depending on the dataType
|
||||
xhr.setRequestHeader("Accept", s.dataType && s.accepts[ s.dataType ] ?
|
||||
|
|
Loading…
Reference in a new issue