Commit fa2c3269 authored by Matthew Taylor's avatar Matthew Taylor

Only apply `X-Requested-With` to same domain

it breaks on cross domain
parent 9c88f92f
...@@ -18,9 +18,7 @@ var urlParams = require('./url-params'); ...@@ -18,9 +18,7 @@ var urlParams = require('./url-params');
module.exports = function (opts, callback) { module.exports = function (opts, callback) {
defaultsDeep(opts, { defaultsDeep(opts, {
host: process.env.API_HOST, host: process.env.API_HOST,
headers: { headers: {},
'X-Requested-With': 'XMLHttpRequest'
},
responseType: 'json', responseType: 'json',
useCsrf: false useCsrf: false
}); });
...@@ -52,6 +50,8 @@ module.exports = function (opts, callback) { ...@@ -52,6 +50,8 @@ module.exports = function (opts, callback) {
opts.uri = parts[0] + '?' + qs; opts.uri = parts[0] + '?' + qs;
} }
} else {
opts['X-Requested-With'] = 'XMLHttpRequest';
} }
xhr(opts, function (err, res, body) { xhr(opts, function (err, res, body) {
if (err) log.error(err); if (err) log.error(err);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment