
HTTP_ORIGIN header not being sent via jquery ajax

I am learning about and fiddling with cross-domain requests via jQuery. I made a PHP script that would print all headers it receives:

foreach ($_SERVER as $header => $value) {
    echo "$header:$value \n";
}

And then I issued an ajax request via jQuery

$.ajax({
    url:'http://cin.ufpe.br/~rvcam/test',
    success:addData,
    crossDomain:true,
    contentType:'text/plain',
    error:function(xhr, status, error){alert(status+error);}
});

(note that I set crossDomain as true to ensure the request would be treated as CORS)

But the return of the php file is

UNIQUE_ID:U-oSxqwVAAMAAAqLS80AAAAa 
HTTP_HOST:cin.ufpe.br 
HTTP_CONNECTION:keep-alive 
HTTP_CACHE_CONTROL:no-cache 
HTTP_PRAGMA:no-cache 
HTTP_ACCEPT:*/* 
HTTP_USER_AGENT:Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36 
CONTENT_TYPE:text/plain 
HTTP_REFERER:http://dresdencodak.com/2007/05/22/for-lack-of-a-better-term/ 
HTTP_ACCEPT_ENCODING:gzip,deflate,sdch 
HTTP_ACCEPT_LANGUAGE:en-US,en;q=0.8,pt;q=0.6 
HTTP_COOKIE:__utma=126956233.172626394.1408376074.1408376074.1408376074.1; __utmc=126956233; __utmz=126956233.1408376074.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=        (none); _ga=GA1.2.172626394.1408376074 
PATH:/usr/local/bin:/usr/bin:/bin 
SERVER_SIGNATURE: 
SERVER_SOFTWARE:Apache/2.2.16 (Debian) 
SERVER_NAME:cin.ufpe.br 
SERVER_ADDR:172.21.0.3 
SERVER_PORT:80 
REMOTE_ADDR:172.23.16.229 
DOCUMENT_ROOT:/etc/apache2/htdocs 
SERVER_ADMIN:webmaster@localhost 
SCRIPT_FILENAME:/home/rvcam/public_html/test/index.php 
REMOTE_PORT:59739 
GATEWAY_INTERFACE:CGI/1.1 
SERVER_PROTOCOL:HTTP/1.1 
REQUEST_METHOD:GET 
QUERY_STRING: 
REQUEST_URI:/~rvcam/test/ 
SCRIPT_NAME:/~rvcam/test/index.php 
PHP_SELF:/~rvcam/test/index.php 
REQUEST_TIME:1408897734 

As you see, no "origin" header. Also, I don't know if this is relevant, but the script is running from a chrome extension.

EDIT: The context is not important, since I've put the same script on my page and the problem persisted.

The Origin header is only sent for cross-origin requests that require CORS. When you declare the host permissions in the manifest file, as in "permissions": ["http://example.com/*"], then any request to example.com within your extension will not use CORS.

If you want to identify requests from your Chrome extension, simply add a custom header:

$.ajax({
    url: 'http://example.com',
    crossDomain: false,
    headers: {
        'X-My-Header': 'my header'
    }
});

or in vanilla JS:

var x = new XMLHttpRequest();
x.open('GET', 'http://example.com');
x.setRequestHeader('X-My-Header', 'my header');
x.send();

Do NOT forget to check that the request does NOT have an Origin request header. By checking that the Origin header does not exist, you know for sure that the request was made by a page at the same origin, or your extension.
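
A server-side version of the check described in the answer above, written in PHP to match the question's header-dumping script; this is an added example, not code from the original posts. The function name `classify_request`, its return labels and the sample arrays are assumptions made for illustration.

```php
<?php
// Added example (not from the original posts). PHP exposes the request header
// "X-My-Header" as $_SERVER['HTTP_X_MY_HEADER'] and "Origin" as
// $_SERVER['HTTP_ORIGIN'], the key the question was looking for.

// Hypothetical helper: classify a request from a $_SERVER-style array.
function classify_request(array $server, string $expected = 'my header'): string
{
    // A browser attaches Origin to requests it handles as CORS, including
    // the OPTIONS preflight triggered by a custom request header.
    if (($server['HTTP_ORIGIN'] ?? '') !== '') {
        return 'cross-origin';
    }
    // No Origin: accept only if the marker header carries the agreed value.
    if (($server['HTTP_X_MY_HEADER'] ?? null) === $expected) {
        return 'extension-or-same-origin';
    }
    return 'unmarked';
}

// Constructed sample inputs, shaped like the $_SERVER dump in the question.
$samples = [
    'extension with host permission' => [
        'REQUEST_METHOD' => 'GET',
        'HTTP_X_MY_HEADER' => 'my header',
    ],
    'other site, CORS preflight' => [
        'REQUEST_METHOD' => 'OPTIONS',
        'HTTP_ORIGIN' => 'http://other.example',
        'HTTP_ACCESS_CONTROL_REQUEST_HEADERS' => 'x-my-header',
    ],
    'plain request, no marker' => [
        'REQUEST_METHOD' => 'GET',
    ],
];

if (PHP_SAPI === 'cli') {
    // Run from the command line: walk through the constructed samples.
    foreach ($samples as $label => $server) {
        echo $label . ': ' . classify_request($server) . "\n";
    }
} else {
    // Run under the web server: classify the live request.
    header('Content-Type: text/plain');
    echo classify_request($_SERVER) . "\n";
}
```

A client that is not a browser can set or omit either header at will, so the result distinguishes browser contexts and is not authentication.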

The problem lies precisely in the fact that the script is being executed from a Chrome Extension. XHR requests must be allowed from the user.

You must add in your manifest.json the "permissions" property, just like this:

"permissions": [
  "http://www.example.com/",
  "https://www.example.com/"
]

Reload the extension and it should work.

See more about XHR on Chrome Extensions
