setting header for AJAX request (specifically, {'X-Requested-With': 'XMLHttpRequest'}

[Joey]

I've found that JQuery is unable to set the X-Requested-With:
XMLHttpRequest header when making AJAX requests from my extension.

I recall mention of this as a security restriction. Can someone please
confirm that this is the case (rather than just an error in my code)?
My manifest declares generous permissions ('http://*/').

If this *is* impossible due to security constraints, I'm curious how
others have worked around it. Specifically, Rails (and its many plug-
ins) uses that header to identify AJAX requests and behave differently
as appropriate. I'd rather not replace that logic with further
considerations that recognize "special" parameters passed by my
extension. Any thoughts?

[Arne Roomann-Kurrik]

I don't think this is a security restriction in extensions.  Can you share the code you're using to set the header?

~Arne

--
You received this message because you are subscribed to the Google Groups "Chromium-extensions" group.
To post to this group, send email to chromium-...@chromium.org.
To unsubscribe from this group, send email to chromium-extens...@chromium.org.
For more options, visit this group at http://groups.google.com/a/chromium.org/group/chromium-extensions/?hl=en.

[Joey]

I've since realized that jQuery sends this header *by default* with
all AJAX requests. So, my code looks like this:

$.ajax({url:"http://www.example.com"});

...and no header is set. (When I initially asked the question, I was
trying to set it manually with code like this:

$.ajax({
url: "http://www.example.com",
beforeSend : function (xhr) {
xhr.setRequestHeader('X-Requested-With', 'XMLHttpRequest');
}
});

In neither case does the header get received.

On Feb 24, 3:07 pm, Arne Roomann-Kurrik <kur...@chromium.org> wrote:
> I don't think this is a security restriction in extensions.  Can you share
> the code you're using to set the header?
>
> ~Arne
>

> On Sun, Feb 20, 2011 at 12:08 AM, Joey <j...@aghion.com> wrote:
> > I've found that JQuery is unable to set the X-Requested-With:
> > XMLHttpRequest header when making AJAX requests from my extension.
>
> > I recall mention of this as a security restriction. Can someone please
> > confirm that this is the case (rather than just an error in my code)?
> > My manifest declares generous permissions ('http://*/').
>
> > If this *is* impossible due to security constraints, I'm curious how
> > others have worked around it. Specifically, Rails (and its many plug-
> > ins) uses that header to identify AJAX requests and behave differently
> > as appropriate. I'd rather not replace that logic with further
> > considerations that recognize "special" parameters passed by my
> > extension. Any thoughts?
>
> > --
> > You received this message because you are subscribed to the Google Groups
> > "Chromium-extensions" group.

> > To post to this group, send email to chromium-extensi...@chromium.org.

> > To unsubscribe from this group, send email to

> > chromium-extensions+unsubscr...@chromium.org.

[flies]

Hmm, I have just checked some of my archives and:

beforeSend: function(xhr) {

xhr.setRequestHeader('X-Requested-With', 'XMLHttpRequest');

},

worked just fine. At least it did, when I was writing them. Maybe you
should check with another version of jquery? I have used 1.4.2.

[darkyndy]

@Joey I didn't tested until now permission 'http://*/' , but from the
documentation it seems that you should use: 'http://*/*' (doc:
http://code.google.com/chrome/extensions/match_patterns.html )