diff options
| author | Rado Kirov | 2012-10-12 12:41:05 -0700 |
|---|---|---|
| committer | Igor Minar | 2012-11-26 23:36:40 +0100 |
| commit | 3a75b1124d062f64093a90b26630938558909e8d (patch) | |
| tree | 83bce3c782b6bd127dfb3df58def57dce329a9d6 | |
| parent | a32bc40fd75ca46e3581ad7a6e3a24a31df6e266 (diff) | |
| download | angular.js-3a75b1124d062f64093a90b26630938558909e8d.tar.bz2 | |
fix($http): remove 'X-Requested-With' from header defaults
X-Requested-With header is rarely used in practice and by using
it all the time we are triggering preflight checks for crossdomain
requests.
We could try detecting if we are doing CORS requests or not, but
it doesn't look like it's worth the trouble.
BREAKING CHANGE: X-Requested-With header is not set by $http service
any more. If anyone actually uses this header it's quite easy to add
it back via:
```
myAppModule.config(['$httpProvider', function($httpProvider) {
$httpProvider.defaults.headers.common["X-Requested-With"] = 'XMLHttpRequest';
}]);
```
Closes #1004
| -rw-r--r-- | src/ng/http.js | 4 | ||||
| -rw-r--r-- | test/ng/httpSpec.js | 9 |
2 files changed, 3 insertions, 10 deletions
diff --git a/src/ng/http.js b/src/ng/http.js index 9b133476..19e50dc1 100644 --- a/src/ng/http.js +++ b/src/ng/http.js @@ -108,8 +108,7 @@ function $HttpProvider() { // default headers headers: { common: { - 'Accept': 'application/json, text/plain, */*', - 'X-Requested-With': 'XMLHttpRequest' + 'Accept': 'application/json, text/plain, */*' }, post: {'Content-Type': 'application/json;charset=utf-8'}, put: {'Content-Type': 'application/json;charset=utf-8'} @@ -212,7 +211,6 @@ function $HttpProvider() { * * - `$httpProvider.defaults.headers.common` (headers that are common for all requests): * - `Accept: application/json, text/plain, * / *` - * - `X-Requested-With: XMLHttpRequest` * - `$httpProvider.defaults.headers.post`: (header defaults for HTTP POST requests) * - `Content-Type: application/json` * - `$httpProvider.defaults.headers.put` (header defaults for HTTP PUT requests) diff --git a/test/ng/httpSpec.js b/test/ng/httpSpec.js index 060cadc9..5049a218 100644 --- a/test/ng/httpSpec.js +++ b/test/ng/httpSpec.js @@ -377,8 +377,7 @@ describe('$http', function() { it('should set default headers for GET request', function() { $httpBackend.expect('GET', '/url', undefined, function(headers) { - return headers['Accept'] == 'application/json, text/plain, */*' && - headers['X-Requested-With'] == 'XMLHttpRequest'; + return headers['Accept'] == 'application/json, text/plain, */*'; }).respond(''); $http({url: '/url', method: 'GET', headers: {}}); @@ -389,7 +388,6 @@ describe('$http', function() { it('should set default headers for POST request', function() { $httpBackend.expect('POST', '/url', 'messageBody', function(headers) { return headers['Accept'] == 'application/json, text/plain, */*' && - headers['X-Requested-With'] == 'XMLHttpRequest' && headers['Content-Type'] == 'application/json;charset=utf-8'; }).respond(''); @@ -401,7 +399,6 @@ describe('$http', function() { it('should set default headers for PUT request', function() { $httpBackend.expect('PUT', '/url', 'messageBody', function(headers) { return headers['Accept'] == 'application/json, text/plain, */*' && - headers['X-Requested-With'] == 'XMLHttpRequest' && headers['Content-Type'] == 'application/json;charset=utf-8'; }).respond(''); @@ -412,8 +409,7 @@ describe('$http', function() { it('should set default headers for custom HTTP method', function() { $httpBackend.expect('FOO', '/url', undefined, function(headers) { - return headers['Accept'] == 'application/json, text/plain, */*' && - headers['X-Requested-With'] == 'XMLHttpRequest'; + return headers['Accept'] == 'application/json, text/plain, */*'; }).respond(''); $http({url: '/url', method: 'FOO', headers: {}}); @@ -424,7 +420,6 @@ describe('$http', function() { it('should override default headers with custom', function() { $httpBackend.expect('POST', '/url', 'messageBody', function(headers) { return headers['Accept'] == 'Rewritten' && - headers['X-Requested-With'] == 'XMLHttpRequest' && headers['Content-Type'] == 'Rewritten'; }).respond(''); |