Some back-ends check on X-Requested-With header to see if it is an ajax request. With fetch, that header isn't set.
X-Requested-With is just a header convention, its not part of any XHR or the Fetch spec.
The XMLHttpRequest used by the fetch polyfill is an implementation detail. When browsers start shipping window.fetch natively, the X-Requested-With header won't be sent along with the request. So it would be an error to rely on that header being sent from the polyfill.
Here's a simple fetch wrapper we're using at GitHub that provides some of the missing behavior from Rails' integration with jQuery.
https://gist.github.com/dgraham/92e4c45da3707a3fe789
In practice, sites are going to need a small wrapper like this to work with window.fetch as easily as jQuery's $.ajax.
/cc @annevk This wrapper might or might not inform the fetch spec.
:+1: Thanks for the information!
@dgraham that wrapper seems to assume a document environment. The CSRF stuff would break in a worker environment.
@dgraham if you want standardized CSRF tokens, perhaps email [email protected] or [email protected] (need to subscribe first for the former). Might be worth doing.
Most helpful comment
The
XMLHttpRequestused by the fetch polyfill is an implementation detail. When browsers start shippingwindow.fetchnatively, theX-Requested-Withheader won't be sent along with the request. So it would be an error to rely on that header being sent from the polyfill.Here's a simple
fetchwrapper we're using at GitHub that provides some of the missing behavior from Rails' integration with jQuery.https://gist.github.com/dgraham/92e4c45da3707a3fe789
In practice, sites are going to need a small wrapper like this to work with
window.fetchas easily as jQuery's$.ajax./cc @annevk This wrapper might or might not inform the fetch spec.