Fix incorrect header used for detecting AJAX requests

The code was looking for "X-Request-With", but the header is actually
"X-Requested-With". As far as I can tell, it has always been the
latter, at least in the jQuery source code.

Fixes issue #174.
Olav Morken 2018-07-25 12:19:39 +02:00
parent c5d4159031
commit 6358a51697
2 changed files with 3 additions and 3 deletions


@ -180,7 +180,7 @@ MellonDiagnosticsEnable Off
# then we will redirect him to the login page of the IdP.
#
# There is a special handling of AJAX requests, that are
# identified by the "X-Request-With: XMLHttpRequest" HTTP
# identified by the "X-Requested-With: XMLHttpRequest" HTTP
# header. Since no user interaction can happen there,
# we always fail unauthenticated (not logged in) requests
# with a 403 Forbidden error without redirecting to the IdP.
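Review bot: The corrected comment line naming "X-Requested-With: XMLHttpRequest" should also say that the value must match exactly, since the code in the second hunk compares it with strcmp against "XMLHttpRequest". It would help administrators to add one sentence noting that this header is supplied by the client, so the 403 is a convenience for script clients that cannot follow the IdP redirect rather than an access control in its own right.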


@ -3658,11 +3658,11 @@ int am_auth_mellon_user(request_rec *r)
* If this is an AJAX request, we cannot proceed to the IdP,
* Just fail early to save our resources
*/
ajax_header = apr_table_get(r->headers_in, "X-Request-With");
ajax_header = apr_table_get(r->headers_in, "X-Requested-With");
if (ajax_header != NULL &&
strcmp(ajax_header, "XMLHttpRequest") == 0) {
AM_LOG_RERROR(APLOG_MARK, APLOG_INFO, 0, r,
"Deny unauthenticated X-Request-With XMLHttpRequest "
"Deny unauthenticated X-Requested-With XMLHttpRequest "
"(AJAX) request");
return HTTP_FORBIDDEN;
}
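Review bot: With the name corrected in the apr_table_get(r->headers_in, "X-Requested-With") lookup, the early return HTTP_FORBIDDEN becomes reachable for clients that send the real header, so unauthenticated XHR requests that previously fell through past this check now receive a 403. That is a visible behaviour change for existing deployments and deserves a release-note entry, plus a regression test that sends the header on an unauthenticated request and asserts the 403. The value comparison via strcmp is case-sensitive; please confirm that is intended, or document it next to the configuration comment.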