Request object cannot recognize cross-site's ajax request header

In my project, I use beforeExecuteRoute() to control access, code like this

public function beforeExecuteRoute(Dispatcher $dispatcher) {
        $controllerName = $dispatcher->getControllerName();

        // Check controller permissions
        if ($this->acl->isPrivate($controllerName)) {
            // Get the current identity
            $identity = $this->auth->getIdentity();
            // If user is not login then redirect the user to login page
            if (!is_array($identity)) {
                if ($this->request->isAjax()) {
                    $this->helper->infoShowWithJSON(-1, $this->lang->_('has_no_privilege_login'));
                    return false;
                } else {
                    $this->log->info('not ajax');
                    return $this->helper->infoShowWithRedirect(

But I found that other site use ajax (which has no privilege to access), $this->request->isAjax() is not working, code like this:

<script src=""></script>

        $(document).ready(function() {
            $.post('', function($data){

The log file only logs 'no ajax'! What is the problem?

Local request works properly.


If you modify your jquery code ?

                    url: '',
                    type: 'POST',
                    dataType: 'json',
                    //headers: {}, <-- add headers if needed
                    data : {'name':'John'}
                }).success(function (data) {
                        console.log(e, s);
                        console.log('ajax request completed');