getting image with $.ajax() - Access Control Request Headers

Question

I am using something like this to get an image via jquery ajax.

$.ajax({
   url: imageurl,
   type:'GET',
   contentType: 'image/png',
   success: success,
   error: error,
   timeout: 5000
});

I can see that my request headers include

Access-Control-Request-Headers:origin, content-type, accept

On the other hand, If i set up a img element like

<img src="imageurl" ...

and observe the request headers I don't see any "Access Control Request Headers".

Just wondering what is the reason for $.ajax() adding this header. Why is it adding this for a images which should be a valid Cross-site HTTP request. Will it be a good practice or even possible to remove this header?

Answer 1

Anything accessed using an XMLHttpRequest will have these headers, whether it's an image or not. The crucial part is the origin of the request (a script rather than an 'img' tag).

This header is actually created by the browser, so, no, it wouldn't be possible to remove it via jquery.

Historically scripts were not allowed to perform cross-site HTTP requests, and these headers are part of the new 'cross-origin sharing' feature. See: https://developer.mozilla.org/en/http_access_control

Note that it may be possible to circumvent by using jquery to generate an 'img' tag, which could potentially be manipulated in the way you want. I haven't tried but it's worth a try..