jquery 我可以从 AJAX 请求中删除X-Requested-With头吗?

gpnt7bae  于 2022-12-03  发布在  jQuery
关注(0)|答案(7)|浏览(232)

我想知道是否有人有过从jquery(或普通JS)发出的 AJAX 请求中删除“X-Requested-With”头的经验。这可能吗?
第二部分:你知道Grease Monkey的 AJAX 请求是否设置了这个头吗?
谢谢
标题如下所示:

X-Requested-With XMLHttpRequest
zzzyeukh

zzzyeukh1#

为什么不呢?试试看:

(function(){
    $.ajaxSettings.beforeSend=function(xhr){
        xhr.setRequestHeader('X-Requested-With', {toString: function(){ return ''; }});
    };
})(jQuery);

祝你好运!

dy2hfwbg

dy2hfwbg2#

要使用jQuery实现这一点,请将您的请求设置为跨域。

服务器.php

<?='<pre>'.print_r($_SERVER,1);?>

客户端.js

$.ajax({ url: 'server.php', crossDomain: true }).success(function(r){document.write(r)})
jogvjijk

jogvjijk3#

“第二部分:你知道油猴子的 AJAX 请求是否设置了这个头吗?”
不,Greasemonkey's GM_xmlhttpRequest()不设置这个头(尽管你当然可以添加它)。
GM_xmlhttpRequest()发出的默认请求看起来就像一个普通的浏览器请求。
例如:

GM_xmlhttpRequest
({
    method:     "GET",
    url:        "http://google.com/",
    onload:     function(response) {alert(response.responseText); }
});

在我的数据包嗅探器中,看起来像这样:

GET / HTTP/1.1
    Request Method: GET
    Request URI: /
    Request Version: HTTP/1.1
Host: google.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: UTF-8,*
Keep-Alive: 115
Connection: keep-alive
Cookie: blah, blah, blah, blah, blah...
jckbn6z7

jckbn6z74#

jQuery目前还没有公开一个方法来实现这一点,there was a ticket on it a while back与Firefox错误有关,但他们没有将其作为一个选项,而是修复了Firefox中的错误问题。
如果您感到好奇,可以在这里看到添加它的位置,但是如果不编辑/覆盖jQuery核心,就无法删除它:http://github.com/jquery/jquery/blob/master/src/ajax.js#L370

brgchamk

brgchamk5#

不管怎样,去掉x-powered-by头的正确方法是在服务器端!例如,如果您正在请求一个PHP脚本,请在PHP.ini中禁用此信息:

expose_php = Off
rks48beu

rks48beu6#

您可能会考虑:

$.ajax({
  url: 'http://fiddle.jshell.net/favicon.png',
  beforeSend: function( xhr ) {
    xhr.setRequestHeader('X-Requested-With', {toString: function(){ return ''; }});
  },
  success: function( data ) {
    if (console && console.log){
      console.log( 'Got data without the X-Requested-With header' );
    }
  }
});
axkjgtzd

axkjgtzd7#

The solution for removing the header in jQuery proposed by @vamp is on the right track, but as others have stated it will still result in an empty X-Requested-With header being sent.
The beforeSend callback receives jQuery's XHR object (jqXHR), rather than the actual XMLHttpRequest object (xhr), which is not even instantiated until after beforeSend is called.
The setRequestHeader method in jqXHR adds headers to an object, which is then iterated later using the xhr method of the same name, just after adding the X-Requested-With entry to the headers object.
Here's the part in jQuery where this is happening:

if ( !options.crossDomain && !headers["X-Requested-With"] ) {
    headers["X-Requested-With"] = "XMLHttpRequest";
}

for ( i in headers ) {
    xhr.setRequestHeader( i, headers[ i ] );
}

Which leads to the problem: If you don't specify the X-Requested-With header, then jQuery will (unless the crossDomain setting evaluates false, but that may not be the desired solution). It then immediately sets the xhr headers, which can not be unset.

To prevent sending the X-Requested-With header with jQuery.ajax:

jQuery.ajax provides a setting, xhr, which overrides jQuery's built-in factory method for creating the XMLHttpRequest object. By wrapping this factory method, and then wrapping the browser's native setRequestHeader method, the call from jQuery to set the X-Requested-With header can be ignored.

jQuery.ajax({

    url: yourAjaxUrl,

    // 'xhr' option overrides jQuery's default
    // factory for the XMLHttpRequest object.
    // Use either in global settings or individual call as shown here.
    xhr: function() {
        // Get new xhr object using default factory
        var xhr = jQuery.ajaxSettings.xhr();
        // Copy the browser's native setRequestHeader method
        var setRequestHeader = xhr.setRequestHeader;
        // Replace with a wrapper
        xhr.setRequestHeader = function(name, value) {
            // Ignore the X-Requested-With header
            if (name == 'X-Requested-With') return;
            // Otherwise call the native setRequestHeader method
            // Note: setRequestHeader requires its 'this' to be the xhr object,
            // which is what 'this' is here when executed.
            setRequestHeader.call(this, name, value);
        }
        // pass it on to jQuery
        return xhr;
    },

    success: function(data, textStatus, jqXHR) {
        // response from request without X-Requested-With header!
    }

    // etc...

});

相关问题