From 24956087cc4d5cd9d574a13b221af6245cfe0370 Mon Sep 17 00:00:00 2001
From: Saq Imtiaz <saq.imtiaz@gmail.com>
Date: Tue, 17 Aug 2021 10:56:52 +0200
Subject: [PATCH] Do not add X-Requested-With header for simple requests
 (#5931)

---
 core/modules/utils/dom/http.js                | 19 ++++++++++++++++++-
 .../tiddlywiki/tiddlyweb/tiddlywebadaptor.js  |  8 ++++++++
 2 files changed, 26 insertions(+), 1 deletion(-)

diff --git a/core/modules/utils/dom/http.js b/core/modules/utils/dom/http.js
index 952704138..6e07b1040 100644
--- a/core/modules/utils/dom/http.js
+++ b/core/modules/utils/dom/http.js
@@ -34,6 +34,23 @@ exports.httpRequest = function(options) {
 			});
 			return result;
 		},
+		getHeader = function(targetHeader) {
+			return headers[targetHeader] || headers[targetHeader.toLowerCase()];
+		},
+		isSimpleRequest = function(type,headers) {
+			if(["GET","HEAD","POST"].indexOf(type) === -1) {
+				return false;
+			}
+			for(var header in headers) {
+				if(["accept","accept-language","content-language","content-type"].indexOf(header.toLowerCase()) === -1) {
+					return false;
+				}
+			}
+			if(hasHeader("Content-Type") && ["application/x-www-form-urlencoded","multipart/form-data","text/plain"].indexOf(getHeader["Content-Type"]) === -1) {
+				return false;
+			}
+			return true;	
+		},
 		returnProp = options.returnProp || "responseText",
 		request = new XMLHttpRequest(),
 		data = "",
@@ -76,7 +93,7 @@ exports.httpRequest = function(options) {
 	if(data && !hasHeader("Content-Type")) {
 		request.setRequestHeader("Content-Type","application/x-www-form-urlencoded; charset=UTF-8");
 	}
-	if(!hasHeader("X-Requested-With")) {
+	if(!hasHeader("X-Requested-With") && !isSimpleRequest(type,headers)) {
 		request.setRequestHeader("X-Requested-With","TiddlyWiki");
 	}
 	try {
diff --git a/plugins/tiddlywiki/tiddlyweb/tiddlywebadaptor.js b/plugins/tiddlywiki/tiddlyweb/tiddlywebadaptor.js
index 683c305c8..b31610deb 100644
--- a/plugins/tiddlywiki/tiddlyweb/tiddlywebadaptor.js
+++ b/plugins/tiddlywiki/tiddlyweb/tiddlywebadaptor.js
@@ -114,6 +114,10 @@ TiddlyWebAdaptor.prototype.login = function(username,password,callback) {
 		},
 		callback: function(err) {
 			callback(err);
+		},
+		headers: {
+			"accept": "application/json",
+			"X-Requested-With": "TiddlyWiki"
 		}
 	};
 	this.logger.log("Logging in:",options);
@@ -132,6 +136,10 @@ TiddlyWebAdaptor.prototype.logout = function(callback) {
 		},
 		callback: function(err,data) {
 			callback(err);
+		},
+		headers: {
+			"accept": "application/json",
+			"X-Requested-With": "TiddlyWiki"
 		}
 	};
 	this.logger.log("Logging out:",options);