fix($http): remove 'X-Requested-With' from header defaults

rkirov · IgorMinar · commit 3a75b1124d06 · 2012-11-26T23:36:40.000+01:00
X-Requested-With header is rarely used in practice and by using it all the time we are triggering preflight checks for crossdomain requests. We could try detecting if we are doing CORS requests or not, but it doesn't look like it's worth the trouble. BREAKING CHANGE: X-Requested-With header is not set by $http service any more. If anyone actually uses this header it's quite easy to add it back via: ``` myAppModule.config(['$httpProvider', function($httpProvider) { $httpProvider.defaults.headers.common["X-Requested-With"] = 'XMLHttpRequest'; }]); ``` Closes #1004
diff --git a/src/ng/http.js b/src/ng/http.js
@@ -108,8 +108,7 @@ function $HttpProvider() {
     // default headers
     headers: {
       common: {
-        'Accept': 'application/json, text/plain, */*',
-        'X-Requested-With': 'XMLHttpRequest'
+        'Accept': 'application/json, text/plain, */*'
       },
       post: {'Content-Type': 'application/json;charset=utf-8'},
       put:  {'Content-Type': 'application/json;charset=utf-8'}
@@ -212,7 +211,6 @@ function $HttpProvider() {
      *
      * - `$httpProvider.defaults.headers.common` (headers that are common for all requests):
      *   - `Accept: application/json, text/plain, * / *`
-     *   - `X-Requested-With: XMLHttpRequest`
      * - `$httpProvider.defaults.headers.post`: (header defaults for HTTP POST requests)
      *   - `Content-Type: application/json`
      * - `$httpProvider.defaults.headers.put` (header defaults for HTTP PUT requests)
diff --git a/test/ng/httpSpec.js b/test/ng/httpSpec.js
@@ -377,8 +377,7 @@ describe('$http', function() {
 
       it('should set default headers for GET request', function() {
         $httpBackend.expect('GET', '/url', undefined, function(headers) {
-          return headers['Accept'] == 'application/json, text/plain, */*' &&
-                 headers['X-Requested-With'] == 'XMLHttpRequest';
+          return headers['Accept'] == 'application/json, text/plain, */*';
         }).respond('');
 
         $http({url: '/url', method: 'GET', headers: {}});
@@ -389,7 +388,6 @@ describe('$http', function() {
       it('should set default headers for POST request', function() {
         $httpBackend.expect('POST', '/url', 'messageBody', function(headers) {
           return headers['Accept'] == 'application/json, text/plain, */*' &&
-                 headers['X-Requested-With'] == 'XMLHttpRequest' &&
                  headers['Content-Type'] == 'application/json;charset=utf-8';
         }).respond('');
 
@@ -401,7 +399,6 @@ describe('$http', function() {
       it('should set default headers for PUT request', function() {
         $httpBackend.expect('PUT', '/url', 'messageBody', function(headers) {
           return headers['Accept'] == 'application/json, text/plain, */*' &&
-                 headers['X-Requested-With'] == 'XMLHttpRequest' &&
                  headers['Content-Type'] == 'application/json;charset=utf-8';
         }).respond('');
 
@@ -412,8 +409,7 @@ describe('$http', function() {
 
       it('should set default headers for custom HTTP method', function() {
         $httpBackend.expect('FOO', '/url', undefined, function(headers) {
-          return headers['Accept'] == 'application/json, text/plain, */*' &&
-                 headers['X-Requested-With'] == 'XMLHttpRequest';
+          return headers['Accept'] == 'application/json, text/plain, */*';
         }).respond('');
 
         $http({url: '/url', method: 'FOO', headers: {}});
@@ -424,7 +420,6 @@ describe('$http', function() {
       it('should override default headers with custom', function() {
         $httpBackend.expect('POST', '/url', 'messageBody', function(headers) {
           return headers['Accept'] == 'Rewritten' &&
-                 headers['X-Requested-With'] == 'XMLHttpRequest' &&
                  headers['Content-Type'] == 'Rewritten';
         }).respond('');
 
