CORS XHR requests with jQuery

This is a repost form this Github issue : https://github.com/rails/rails/issues/11380

I would like to have your opinion about the following :

When sending an AJAX request, one expect request.xhr? to return true, but this is not true when using jQuery and CORS. This problem is caused by the fact jQuery decided to not automatically send X_HTTP_REQUESTED_WITH header for CORS requests (see. #8423 (Cross origin AJAX request always preflighted) – jQuery - Bug Tracker).

I think every CORS requests should be considered as XHR requests. And I would advocate updating action_dispatch/http/request.rb ActionDispatch::Request#xhr? to return true for every CORS requests. This might be implemented by detecting presence of Origin header (and maybe checking Host and https).

Do you see any use-case where CORS requests would not be XHR requests or any other issue with this proposal ?

Thanks !

I was going to ask if maybe this could be fixed by adding the requested-with header for CORS requests in jquery-ujs. But after reading through the jquery ticket, it sounds like they had a good reason to remove it (so that it doesn’t cause unnecessary preflighted requests), which I agree with. So yeah, this would be best handled on the server-side, if such a change were to be implemented.

– Steve Schwartz

Pull request here : Make CORS requests considered as Ajax requests by ybart · Pull Request #14425 · rails/rails · GitHub