Add X-Requested-With xmlhttprequest to AJAX request header

How do I add X-Requested-With xmlhttprequest to the AJAX request header? I've tried any but can't add this to the header for an http request using ajax, the request is cross-site. I use jQuery but I can also use XmlHttpRequest.

javascript ajax jquery web xmlhttprequest cors xhr cross-site

19th Jun 2021, 11:35 AM

Mick

12 Answers

+ 2

with XMLHttptRequest object, use addRequestHeader("X-Fowarded-With", value) method ^^ https://developer.mozilla.org/en-US/docs/Web/API/XMLHttpRequest/setRequestHeader

19th Jun 2021, 12:39 PM

visph

for cross domain request, you must configure server to allow that... header must contain: Access-Control-Allow-Origin=* Access-Control-Allow-Methods=GET, POST, PUT, OPTIONS Access-Control-Allow-Headers=Origin, Accept, Content-Type, X-Requested-With, X-CSRF-Token doesn't need to explicitly set X-Requested-With header on front side... (browser should set it according to the way used to make the request)... for specific cases, browser should first make an 'OPTIONS' request: you should check that the route (on server side) handling the targeted ressource accept this method in addition to the method accepted (ie: content-type json with post request, route should handle POST and OPTIONS)

19th Jun 2021, 11:49 AM

visph

I need to set this parameter because otherwise the page to here I make AJAX request redirects me to the index, instead if I manually set (modifying the request with a proxy) this parameter the server replies with what I request

19th Jun 2021, 11:54 AM

Mick

you must have access to the server to change header parameters allowing cross site requests: you cannot use a proxy to bypass this security ;P

19th Jun 2021, 11:56 AM

visph

Those who wrote the js code from which I extracted the code for the query did a weird game by modifying the jQuery.ajaxTransport () function inside the jQuery library, too bad I didn't understand how to replicate this without copying the whole file JS.

19th Jun 2021, 12:04 PM

Mick

If I delete X Requested With from the request (the one made from the original page) the server responds with the redirect

19th Jun 2021, 12:09 PM

Mick

If you're trying to "replicate" I guess the original code do not make a cross domain request, and the server do not allow requests from others domains... as you cannot do the request from the same domain, you cannot "replicate" the request ^^ ... and maybe there are more security checks (and probably obfuscation) to prevent cheating on a game server ;P

19th Jun 2021, 12:13 PM

visph

CORS policy is not a problem, I have disabled it! lol How do you explain that the original JS code adds that parameter to the header when making an AJAX get request via jquery?

19th Jun 2021, 12:21 PM

Mick

because the request probably need an unusual value for it ^^

19th Jun 2021, 12:22 PM

visph

no obfuscation, only 100000 lines of code in one file and no login and no cookies needed

19th Jun 2021, 12:22 PM

Mick

but can't I add this parameter before sending the request to the server?

19th Jun 2021, 12:31 PM

Mick

Ok thanks for answer