{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 高级女魔头 的问题《Add Header in AJAX Request with jQuery》','https://www.manongdao.com/q-8742.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I would like to add a custom header to an AJAX POST request from jQuery.
I have tried this:
$.ajax({
type: 'POST',
url: url,
headers: {
"My-First-Header":"first value",
"My-Second-Header":"second value"
}
//OR
//beforeSend: function(xhr) {
// xhr.setRequestHeader("My-First-Header", "first value");
// xhr.setRequestHeader("My-Second-Header", "second value");
//}
}).done(function(data) {
alert(data);
});
When I send this request and I watch with FireBug, I see this header:
OPTIONS xxxx/yyyy HTTP/1.1
Host: 127.0.0.1:6666
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:11.0) Gecko/20100101 Firefox/11.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8
Accept-Language: fr,fr-fr;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Connection: keep-alive
Origin: null
Access-Control-Request-Method: POST
Access-Control-Request-Headers: my-first-header,my-second-header
Pragma: no-cache
Cache-Control: no-cache
Why do my custom headers go to Access-Control-Request-Headers:
Access-Control-Request-Headers: my-first-header,my-second-header
I was expecting a header values like this:
My-First-Header: first value
My-Second-Header: second value
Is it possible?
Here is an example how to set a Request Header in a JQuery Ajax Call:
And that is why you can't create a bot with Javascript, because your options are limited to what the browser allows you to do. You can't just order a browser that follows the
CORSpolicy, which most browsers follow, to send random requests to other origins and allow you to get the response that simply!Additionally, if you tried to edit some request headers manually like
origin-headerfrom the developers tools that come with the browsers, the browser will refuse your edit, and may send a preflightOPTIONSrequest.Try to use rack-cors gem. And add the header field in your ajax call.
This code below works for me. I always use only single quotes, and it works fine. I suggest you should use only single quotes OR only double quotes, but not mixed up.
Hope this answers your question...
UPDATE for Laravel 5.6+:
In the latest version of Laravel (at least from Laravel 5.6 and above), it's NOT X_CSRF_TOKEN but X-CSRF-TOKEN.
Hope this clarifies.
What you saw in Firefox was not the actual request; note that the HTTP method is OPTIONS, not POST. It was actually the 'pre-flight' request that the browser makes to determine whether a cross-domain AJAX request should be allowed:
http://www.w3.org/TR/cors/
The Access-Control-Request-Headers header in the pre-flight request includes the list of headers in the actual request. The server is then expected to report back whether these headers are supported in this context or not, before the browser submits the actual request.