Disable the X-Requested-With header to avoid preflighting remote POST requests. Fixes...

diff --git a/src/ajax.js b/src/ajax.js
index 3416dd66d145e7c0ed56eaa7304adc710e1cafed..1e0729f3fead843a4cdedfb6ba14c925b8071b75 100644 (file)
--- a/src/ajax.js
+++ b/src/ajax.js
@@ -275,13 +275,12 @@ jQuery.extend({
                }
 
                // Matches an absolute URL, and saves the domain
-               var parts = rurl.exec( s.url );
+               var parts = rurl.exec( s.url ),
+                       remote = parts && (parts[1] && parts[1] !== location.protocol || parts[2] !== location.host);
 
                // If we're requesting a remote document
                // and trying to load JSON or Script with a GET
-               if ( s.dataType === "script" && type === "GET" && parts
-                       && ( parts[1] && parts[1] !== location.protocol || parts[2] !== location.host )) {
-
+               if ( s.dataType === "script" && type === "GET" && remote ) {
                        var head = document.getElementsByTagName("head")[0] || document.documentElement;
                        var script = document.createElement("script");
                        script.src = s.url;
@@ -350,7 +349,10 @@ jQuery.extend({
                        }
 
                        // Set header so the called script knows that it's an XMLHttpRequest
-                       xhr.setRequestHeader("X-Requested-With", "XMLHttpRequest");
+                       // Only send the header if it's not a remote XHR
+                       if ( !remote ) {
+                               xhr.setRequestHeader("X-Requested-With", "XMLHttpRequest");
+                       }
 
                        // Set the Accepts header for the server, depending on the dataType
                        xhr.setRequestHeader("Accept", s.dataType && s.accepts[ s.dataType ] ?