From 9c9872ebaccc75fda922d7fa5c93f26490ebcdde Mon Sep 17 00:00:00 2001
From: Sam Minnee <sam@silverstripe.com>
Date: Wed, 4 Jul 2018 13:35:47 +1200
Subject: [PATCH] FIX: Remove X-Requested-With from default Vary header.

The X-Requested-With header does modify the result of Director::is_ajax
and so this should strictly be in there. In practise, this can cause
issues with CDNs such as Incapsula, and LeftAndMain adds this vary
header itself, which is the principle place where Director::is_ajax
is used.
---
 _config/config.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/_config/config.yml b/_config/config.yml
index 424b8145b..8be36b35d 100644
--- a/_config/config.yml
+++ b/_config/config.yml
@@ -16,7 +16,7 @@ HTTP:
     no-cache: "true"
     no-store: "true"
     must-revalidate: "true"
-  vary: "X-Requested-With, X-Forwarded-Protocol"
+  vary: "X-Forwarded-Protocol"
 LeftAndMain:
   dependencies:
     versionProvider: %$SilverStripeVersionProvider