From a7678267d848fcef8775c8b9f4fa3e507b8cc5f4 Mon Sep 17 00:00:00 2001
From: John Resig <jeresig@Archimedes.local>
Date: Wed, 25 Nov 2009 13:29:34 -0500
Subject: [PATCH] Disable the X-Requested-With header to avoid preflighting
 remote POST requests. Fixes #4601.

---
 src/ajax.js |   12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/src/ajax.js b/src/ajax.js
index 3416dd6..1e0729f 100644
--- a/src/ajax.js
+++ b/src/ajax.js
@@ -275,13 +275,12 @@ jQuery.extend({
 		}
 
 		// Matches an absolute URL, and saves the domain
-		var parts = rurl.exec( s.url );
+		var parts = rurl.exec( s.url ),
+			remote = parts && (parts[1] && parts[1] !== location.protocol || parts[2] !== location.host);
 
 		// If we're requesting a remote document
 		// and trying to load JSON or Script with a GET
-		if ( s.dataType === "script" && type === "GET" && parts
-			&& ( parts[1] && parts[1] !== location.protocol || parts[2] !== location.host )) {
-
+		if ( s.dataType === "script" && type === "GET" && remote ) {
 			var head = document.getElementsByTagName("head")[0] || document.documentElement;
 			var script = document.createElement("script");
 			script.src = s.url;
@@ -350,7 +349,10 @@ jQuery.extend({
 			}
 
 			// Set header so the called script knows that it's an XMLHttpRequest
-			xhr.setRequestHeader("X-Requested-With", "XMLHttpRequest");
+			// Only send the header if it's not a remote XHR
+			if ( !remote ) {
+				xhr.setRequestHeader("X-Requested-With", "XMLHttpRequest");
+			}
 
 			// Set the Accepts header for the server, depending on the dataType
 			xhr.setRequestHeader("Accept", s.dataType && s.accepts[ s.dataType ] ?
-- 
1.7.10.4