Can I set headers in cross domain json requests?

Question

I have done some research on the internet, but I didn\'t manage to get the complete picture about this subject. Can anyone help to solve this answer for now and forever?

Answer 1

If you are using JSONP for making cross-origin request - then the answer is no, you can't set HTTP headers on such requests. If you are using CORS for making cross-origin requests - then the answer is yes, since you are using plain XHR to make the request: http://en.wikipedia.org/wiki/Cross-origin_resource_sharing.

Answer 2

With JSONP, setting custom headers is not possible.

With CORS, the server must send the Access-Control-Allow-Headers header to allow uncommon request headers from the client. From the HTML5 Rocks CORS page:

Access-Control-Allow-Headers ... - Comma-delimited list of the supported request headers.

Thus, your server must send a Access-Control-Allow-Headers: Authorization to let the browser know it is permissible to send Authorization to the server with the request. Without this sever header, the browser will only send a few common headers with the request and ignore the rest.

Answer 3

Since "jsonp" works by creating an script tag and using the attribute src= to load resource from another domain. So I don't think there is a way to modify request headers.