From fa2c3269550f6251857f7436574dd9a9929a4f14 Mon Sep 17 00:00:00 2001
From: Matthew Taylor <mewtaylor@gmail.com>
Date: Thu, 11 Aug 2016 14:54:13 -0400
Subject: [PATCH] Only apply `X-Requested-With` to same domain

it breaks on cross domain
---
 src/lib/api.js | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/lib/api.js b/src/lib/api.js
index e7d9fc012..1207647a7 100644
--- a/src/lib/api.js
+++ b/src/lib/api.js
@@ -18,9 +18,7 @@ var urlParams = require('./url-params');
 module.exports = function (opts, callback) {
     defaultsDeep(opts, {
         host: process.env.API_HOST,
-        headers: {
-            'X-Requested-With': 'XMLHttpRequest'
-        },
+        headers: {},
         responseType: 'json',
         useCsrf: false
     });
@@ -52,6 +50,8 @@ module.exports = function (opts, callback) {
                 opts.uri = parts[0] + '?' + qs;
 
             }
+        } else {
+            opts['X-Requested-With'] = 'XMLHttpRequest';
         }
         xhr(opts, function (err, res, body) {
             if (err) log.error(err);