View Full Version : http headers added to Ajax request end up in "Access-Control-Request-Headers"

25 Apr 2012, 7:32 AM
I'm trying to add an authorization header to an Ajax.request and the headers are ending up inside "Access-Control-Reqest-Headers"... is that the expected behavior? The server-side is acting as if the headers are missing (presumably expecting them to be at the top level as key:value pairings, as is the case with the rest of the headers). A google search revealed a similar topic related to jquery, so I'm guessing maybe this is "working as intended". My code is pretty straightforward:

url: <someurl>,

success: this.myResultCallback,
failure: this.myResultError,
scope: this,
jsonData: {
'name' : name,
'description' : desc
headers: {
'myheader': 'foo',//just to test that it shows up
'Authorization' : authHeader //defined above as a base 64 encoded user/pass

26 Apr 2012, 8:11 PM
Are you trying to make an Ajax request to a server with a different origin? Sounds like you're straying into a CORS request to me.

30 Apr 2012, 7:44 AM
I'm not entirely sure what you mean. It is a request to a different server than the one that served up the original page (though it is within the same domain).

30 Apr 2012, 7:56 AM
The same domain isn't really relevant from the point of view of the browser's same origin policy.

Go back a couple of years and Ajax requests were not allowed to be made to a different server, you'd have had to use JSON-P instead.

Recently browsers have introduced something called CORS (cross-origin resource sharing). This is only available in certain browsers so you should be careful to assess your requirements before using it. To ensure security is maintained there are some extra restrictions on what you can and can't do. In all cases the server must be configured to return appropriate headers to allow the requests.


30 Apr 2012, 8:05 AM
Thanks I'll check it out, this at least answers why the problem is occurring