From 3a75b1124d062f64093a90b26630938558909e8d Mon Sep 17 00:00:00 2001 From: Rado Kirov Date: Fri, 12 Oct 2012 12:41:05 -0700 Subject: [PATCH] fix($http): remove 'X-Requested-With' from header defaults X-Requested-With header is rarely used in practice and by using it all the time we are triggering preflight checks for crossdomain requests. We could try detecting if we are doing CORS requests or not, but it doesn't look like it's worth the trouble. BREAKING CHANGE: X-Requested-With header is not set by $http service any more. If anyone actually uses this header it's quite easy to add it back via: ``` myAppModule.config(['$httpProvider', function($httpProvider) { $httpProvider.defaults.headers.common["X-Requested-With"] = 'XMLHttpRequest'; }]); ``` Closes #1004 --- src/ng/http.js | 4 +--- test/ng/httpSpec.js | 9 ++------- 2 files changed, 3 insertions(+), 10 deletions(-) diff --git a/src/ng/http.js b/src/ng/http.js index 9b133476b6fc..19e50dc18105 100644 --- a/src/ng/http.js +++ b/src/ng/http.js @@ -108,8 +108,7 @@ function $HttpProvider() { // default headers headers: { common: { - 'Accept': 'application/json, text/plain, */*', - 'X-Requested-With': 'XMLHttpRequest' + 'Accept': 'application/json, text/plain, */*' }, post: {'Content-Type': 'application/json;charset=utf-8'}, put: {'Content-Type': 'application/json;charset=utf-8'} @@ -212,7 +211,6 @@ function $HttpProvider() { * * - `$httpProvider.defaults.headers.common` (headers that are common for all requests): * - `Accept: application/json, text/plain, * / *` - * - `X-Requested-With: XMLHttpRequest` * - `$httpProvider.defaults.headers.post`: (header defaults for HTTP POST requests) * - `Content-Type: application/json` * - `$httpProvider.defaults.headers.put` (header defaults for HTTP PUT requests) diff --git a/test/ng/httpSpec.js b/test/ng/httpSpec.js index 060cadc97577..5049a2180c3c 100644 --- a/test/ng/httpSpec.js +++ b/test/ng/httpSpec.js @@ -377,8 +377,7 @@ describe('$http', function() { it('should set default headers for GET request', function() { $httpBackend.expect('GET', '/url', undefined, function(headers) { - return headers['Accept'] == 'application/json, text/plain, */*' && - headers['X-Requested-With'] == 'XMLHttpRequest'; + return headers['Accept'] == 'application/json, text/plain, */*'; }).respond(''); $http({url: '/url', method: 'GET', headers: {}}); @@ -389,7 +388,6 @@ describe('$http', function() { it('should set default headers for POST request', function() { $httpBackend.expect('POST', '/url', 'messageBody', function(headers) { return headers['Accept'] == 'application/json, text/plain, */*' && - headers['X-Requested-With'] == 'XMLHttpRequest' && headers['Content-Type'] == 'application/json;charset=utf-8'; }).respond(''); @@ -401,7 +399,6 @@ describe('$http', function() { it('should set default headers for PUT request', function() { $httpBackend.expect('PUT', '/url', 'messageBody', function(headers) { return headers['Accept'] == 'application/json, text/plain, */*' && - headers['X-Requested-With'] == 'XMLHttpRequest' && headers['Content-Type'] == 'application/json;charset=utf-8'; }).respond(''); @@ -412,8 +409,7 @@ describe('$http', function() { it('should set default headers for custom HTTP method', function() { $httpBackend.expect('FOO', '/url', undefined, function(headers) { - return headers['Accept'] == 'application/json, text/plain, */*' && - headers['X-Requested-With'] == 'XMLHttpRequest'; + return headers['Accept'] == 'application/json, text/plain, */*'; }).respond(''); $http({url: '/url', method: 'FOO', headers: {}}); @@ -424,7 +420,6 @@ describe('$http', function() { it('should override default headers with custom', function() { $httpBackend.expect('POST', '/url', 'messageBody', function(headers) { return headers['Accept'] == 'Rewritten' && - headers['X-Requested-With'] == 'XMLHttpRequest' && headers['Content-Type'] == 'Rewritten'; }).respond('');