From 3a75b1124d062f64093a90b26630938558909e8d Mon Sep 17 00:00:00 2001
From: Rado Kirov
Date: Fri, 12 Oct 2012 12:41:05 -0700
Subject: fix($http): remove 'X-Requested-With' from header defaults

X-Requested-With header is rarely used in practice and by using
it all the time we are triggering preflight checks for crossdomain
requests.

We could try detecting if we are doing CORS requests or not, but
it doesn't look like it's worth the trouble.

BREAKING CHANGE: X-Requested-With header is not set by $http service
any more. If anyone actually uses this header it's quite easy to add
it back via:

```
myAppModule.config(['$httpProvider', function($httpProvider) {
    $httpProvider.defaults.headers.common["X-Requested-With"] = 'XMLHttpRequest';
}]);
```

Closes #1004
---
 src/ng/http.js | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

(limited to 'src/ng')

diff --git a/src/ng/http.js b/src/ng/http.js
index 9b133476..19e50dc1 100644
--- a/src/ng/http.js
+++ b/src/ng/http.js
@@ -108,8 +108,7 @@ function $HttpProvider() {
     // default headers
     headers: {
       common: {
-        'Accept': 'application/json, text/plain, */*',
-        'X-Requested-With': 'XMLHttpRequest'
+        'Accept': 'application/json, text/plain, */*'
       },
       post: {'Content-Type': 'application/json;charset=utf-8'},
       put:  {'Content-Type': 'application/json;charset=utf-8'}
@@ -212,7 +211,6 @@ function $HttpProvider() {
      *
      * - `$httpProvider.defaults.headers.common` (headers that are common for all requests):
      *   - `Accept: application/json, text/plain, * / *`
-     *   - `X-Requested-With: XMLHttpRequest`
      * - `$httpProvider.defaults.headers.post`: (header defaults for HTTP POST requests)
      *   - `Content-Type: application/json`
      * - `$httpProvider.defaults.headers.put` (header defaults for HTTP PUT requests)
-- 
cgit v1.2.3