Angular.js, when accessing a web service using the $http object, automatically adds a X-Requested-With:XMLHttpRequest header to the request.
Angular.js在使用$ http对象访问Web服务时,会自动向请求添加X-Requested-With:XMLHttpRequest标头。
The web service I am accessing using CORS doesn't support X-Requested-With header, so I tried to eliminate it but I can't acess the $httpProvider object. I get an undefined object error, and if I reference it in the controllers parameters, so that angular injects it I get a "Error: Unknown provider: $httpProviderProvider <- $httpProvider"
我使用CORS访问的Web服务不支持X-Requested-With标头,所以我试图消除它,但我不能访问$ httpProvider对象。我得到一个未定义的对象错误,如果我在控制器参数中引用它,那么angular注入它我得到一个“错误:未知的提供者:$ httpProviderProvider < - $ httpProvider”
So I wonder how can I access the $httpProvider, like it says in the docs (http://docs.angularjs.org/api/ng.$http) to tell angular.js not to send that header...
所以我想知道如何访问$ httpProvider,就像它在文档(http://docs.angularjs.org/api/ng.$http)中所说的那样告诉angular.js不要发送那个头...
4 个解决方案
#1
25
angular.module('myModule', [])
.config(['$httpProvider', function($httpProvider) {
delete $httpProvider.defaults.headers.common["X-Requested-With"]
}])
#2
11
I found that, besides Justen answer, I can also do it on a per request basis like this:
我发现,除了Justen的回答,我也可以按照以下要求进行:
delete $http.defaults.headers.common['X-Requested-With']
#3
6
Since Angular JS version 1.1.1 removing the header is no longer necessary.
See the change log:
https://github.com/angular/angular.js/blob/master/CHANGELOG.md#111-pathological-kerning-2012-11-26
请参阅更改日志:https://github.com/angular/angular.js/blob/master/CHANGELOG.md#111-pathological-kerning-2012-11-26
For people like me who were using the header to identify ajax requests and respond to them differently.
像我这样的人使用标题来识别ajax请求并以不同方式响应它们。
e.g. making a request after the session expires.
例如会话到期后发出请求。
You can re-enable the header like so:
您可以重新启用标头,如下所示:
angular.module('yourModule', [])
.config(['$httpProvider', function($httpProvider) {
$httpProvider.defaults.headers.common["X-Requested-With"] = 'XMLHttpRequest';
}]);
#4
0
Since Angular JS version 1.1.1 removing the header is no longer necessary. This change got mentioned on https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet#Protecting_REST_Services:_Use_of_Custom_Request_Headers
由于不再需要Angular JS 1.1.1版删除标题。在https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet#Protecting_REST_Services:_Use_of_Custom_Request_Headers上提到了这一变化
As shown by Josue, this can be easily added to all requests again as follows:
如Josue所示,这可以轻松地再次添加到所有请求中,如下所示:
angular.module('yourModule', [])
.config(['$httpProvider', function($httpProvider) {
$httpProvider.defaults.headers.common["X-Requested-With"] = 'XMLHttpRequest';
}]);
Set the configuration for the header to undefined to remove the header for specific external requests.
将标头的配置设置为undefined,以删除特定外部请求的标头。
let urlExternalValidator = 'https://openiban.com/validate/' + this.iban + '?getBIC=true&validateBankCode=true';
this.$http.get(urlExternalValidator, {
// simple request to not trigger a CORS preflight
// https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
headers: {
'X-Requested-With': undefined
}
})
In addition, you can supply a headers property in the config object passed when calling $http(config), which overrides the defaults without changing them globally.
此外,您可以在调用$ http(config)时传递的config对象中提供headers属性,该属性会覆盖默认值而不会全局更改它们。
To explicitly remove a header automatically added via $httpProvider.defaults.headers on a per request basis, Use the headers property, setting the desired header to undefined
要基于每个请求显式删除通过$ httpProvider.defaults.headers自动添加的标头,请使用headers属性,将所需标头设置为undefined
https://docs.angularjs.org/api/ng/service/$http#setting-http-headers
https://docs.angularjs.org/api/ng/service/$http#setting-http-headers
#1
25
angular.module('myModule', [])
.config(['$httpProvider', function($httpProvider) {
delete $httpProvider.defaults.headers.common["X-Requested-With"]
}])
#2
11
I found that, besides Justen answer, I can also do it on a per request basis like this:
我发现,除了Justen的回答,我也可以按照以下要求进行:
delete $http.defaults.headers.common['X-Requested-With']
#3
6
Since Angular JS version 1.1.1 removing the header is no longer necessary.
See the change log:
https://github.com/angular/angular.js/blob/master/CHANGELOG.md#111-pathological-kerning-2012-11-26
请参阅更改日志:https://github.com/angular/angular.js/blob/master/CHANGELOG.md#111-pathological-kerning-2012-11-26
For people like me who were using the header to identify ajax requests and respond to them differently.
像我这样的人使用标题来识别ajax请求并以不同方式响应它们。
e.g. making a request after the session expires.
例如会话到期后发出请求。
You can re-enable the header like so:
您可以重新启用标头,如下所示:
angular.module('yourModule', [])
.config(['$httpProvider', function($httpProvider) {
$httpProvider.defaults.headers.common["X-Requested-With"] = 'XMLHttpRequest';
}]);
#4
0
Since Angular JS version 1.1.1 removing the header is no longer necessary. This change got mentioned on https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet#Protecting_REST_Services:_Use_of_Custom_Request_Headers
由于不再需要Angular JS 1.1.1版删除标题。在https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet#Protecting_REST_Services:_Use_of_Custom_Request_Headers上提到了这一变化
As shown by Josue, this can be easily added to all requests again as follows:
如Josue所示,这可以轻松地再次添加到所有请求中,如下所示:
angular.module('yourModule', [])
.config(['$httpProvider', function($httpProvider) {
$httpProvider.defaults.headers.common["X-Requested-With"] = 'XMLHttpRequest';
}]);
Set the configuration for the header to undefined to remove the header for specific external requests.
将标头的配置设置为undefined,以删除特定外部请求的标头。
let urlExternalValidator = 'https://openiban.com/validate/' + this.iban + '?getBIC=true&validateBankCode=true';
this.$http.get(urlExternalValidator, {
// simple request to not trigger a CORS preflight
// https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
headers: {
'X-Requested-With': undefined
}
})
In addition, you can supply a headers property in the config object passed when calling $http(config), which overrides the defaults without changing them globally.
此外,您可以在调用$ http(config)时传递的config对象中提供headers属性,该属性会覆盖默认值而不会全局更改它们。
To explicitly remove a header automatically added via $httpProvider.defaults.headers on a per request basis, Use the headers property, setting the desired header to undefined
要基于每个请求显式删除通过$ httpProvider.defaults.headers自动添加的标头,请使用headers属性,将所需标头设置为undefined
https://docs.angularjs.org/api/ng/service/$http#setting-http-headers
https://docs.angularjs.org/api/ng/service/$http#setting-http-headers