Skip to content

Commit

Permalink
improvement: set X-Requested-With to prevent browser authentication…
Browse files Browse the repository at this point in the history
… dialog (via #4934)
  • Loading branch information
dalbrx-forcam authored and shockey committed Feb 14, 2019
1 parent 373da3b commit 937c8f6
Showing 1 changed file with 2 additions and 1 deletion.
3 changes: 2 additions & 1 deletion src/core/plugins/auth/actions.js
Original file line number Diff line number Diff line change
Expand Up @@ -168,7 +168,8 @@ export const authorizeRequest = ( data ) => ( { fn, getConfigs, authActions, err

let _headers = Object.assign({
"Accept":"application/json, text/plain, */*",
"Content-Type": "application/x-www-form-urlencoded"
"Content-Type": "application/x-www-form-urlencoded",
"X-Requested-With": "XMLHttpRequest"
}, headers)

fn.fetch({
Expand Down

1 comment on commit 937c8f6

@laurynasr
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This breaks CORS for Token requests when authorization server does not handle preflight

Please sign in to comment.