0

I am using Github Pages to host an angularJS website, and Google Apps Script for some server side things. My problem is that if the user has enabled the "Do not track"-header on their device settings, my JavaScript CORS requests fails. I have only tested with iOS, but I assume the same problem will be present on android or any device with a "Do not track" option.

What I want to do is to remove the DNT header for all $http requests. How can I do this? Is it even possible?

tjespe
  • 704
  • 7
  • 17
  • How does it fail? Presumably either Github doesn't support DNT and therefor answers the request with an error (less likely), or the presence of the DNT header makes the request preflighted. – CBroe Feb 05 '17 at 13:58
  • @CBroe The request is to a Google Script, and it fails by returning 405 – tjespe Feb 05 '17 at 13:59
  • 405 is Method Not Allowed - so most likely you are indeed dealing with a preflight request here, that the remote server is not configured to handle correctly. – CBroe Feb 06 '17 at 08:27

1 Answers1

1

The addition of the DNT header forces the browser to issue a preflight OPTIONS request, and the 405 (Method Not Allowed) error indicates that Google Apps Scripts doesn't support it.

According to these bug reports, this behavior is as intended. Their recommendation is to use JSONP rather than XHR.

And since the DNT header is added by the browser there isn't a way to avoid sending it.

Kevin Christopher Henry
  • 46,175
  • 7
  • 116
  • 102