How do I force or add the content length for ajax type POST requests in Firefox?

Question

I'm trying to POST a http request using ajax, but getting a response from the apache server using modsec_audit that: "POST request must have a Content-Length header." I do not want to disable this in modsec_audit.

This occurs only in firefox, and not IE. Further, I switched to using a POST rather than a GET to keep IE from caching my results.

This is a simplified version of the code I'm using for the request, I'm not using any javascript framework.

function getMyStuff(){
    var SearchString = '';
    /* build search string */
    ...
    /* now do request */
    var xhr = createXMLHttpRequest();
    var RequestString = 'someserverscript.cfm' + SearchString;
    xhr.open("POST", RequestString, true);
    xhr.onreadystatechange = function(){
     processResponse(xhr);
    }
    xhr.send(null);
}


function processResponse(xhr){
    var serverResponse = xhr.responseText;
    var container = document.getElementById('myResultsContainer');
    if (xhr.readyState == 4){
       container.innerHTML = serverResponse;
    }
}

function createXMLHttpRequest(){
    try { return new ActiveXObject("Msxml2.XMLHTTP"); } catch (e) {}
    try { return new ActiveXObject("Microsoft.XMLHTTP"); } catch (e) {}
    try { return new XMLHttpRequest(); } catch(e) {}
    return null;
}

How do I force or add the content length for ajax type POST requests in Firefox?

Answer 1

xhr.setRequestHeader("Content-Length", "0");

would be my best guess.

BTW, if you want to stop caching in IE, just add a random number onto the end, as in:

var RequestString = 'someserverscript.cfm' + SearchString + '&random=' + Math.random();

Answer 2

Not an answer to this question, but related to it, I asked "Why does modsecurity require Content-Length in POST requests?" over at serverfault.

Answer 3

Try to actually send something instead of null (xhr.send(null);).