0

I am trying to send an API key via headers, so not in the data associated to a GET/POST request. I have tried several options that you can see uncommented in the code below or in this jsfiddle

I am not sure if it is really sending the header, that is, 'my_api_key' parameter/value, as I cannot see them in console inspector (and I have seen other applications where these values appeared somewhere in the console request).

$.ajax({
  url: "https://api.github.com/users/jeresig",
  type: "GET",
  /*
   headers: { 'my_api_key': 'xxxx' },
  */
   beforeSend: function(request) {
    request.setRequestHeader("my_api_key", 'xxxx');
   },
  /*
  headers: {
  'Accept': 'application/json',
     'my_api_key':"xxxx"

   },   
  */
  dataType: "jsonp"
  //jsonpCallback: "logResults"
});
user1249791
  • 1,241
  • 4
  • 14
  • 33
  • Explained [here](https://stackoverflow.com/a/10546945/2181514). JSONP does not send an ajax request, so does not use your request header. Remove the `jsonp` and you can see your request header (but then it doesn't work, ofc) – freedomn-m Oct 06 '22 at 10:34
  • `api.github.com` doesn't support JSONP either. – Quentin Oct 06 '22 at 10:37
  • 1
    It [does support CORS](https://docs.github.com/en/rest/overview/resources-in-the-rest-api#cross-origin-resource-sharing) which is the sensible solution to the problem that JSONP was a dirty, dangerous workaround for. – Quentin Oct 06 '22 at 10:38
  • exactly, @freedomn-m if my requested server is cross-domain, then there is no other solution than force it to support CORS ? – user1249791 Oct 06 '22 at 10:53

0 Answers0