Opened 13 years ago
Closed 13 years ago
#6525 closed enhancement (fixed)
onXhrSend
Reported by: | kriszyp | Owned by: | James Burke |
---|---|---|---|
Priority: | high | Milestone: | 1.2 |
Component: | IO | Version: | 1.1.0 |
Keywords: | Cc: | ||
Blocked By: | Blocking: |
Description
Add a listener for XHR calls. This would enable devs to add certain headers uniformly for all XHR calls (without having to modify the call-site code). The following are some proposed usages:
- Adding an explicit authentication/validation token for each XHR request to prevent CSRF attacks. This is also known as double submitting when you use a cookie value as the validation token.
- Adding a client id to XHR requests. This can be used to create a session for maintaining state information that will not have cross-tab interference.
- Adding a sequence id to XHR requests. This provides a mechanism for deterministic message ordering (HTTP is not deterministic).
- Add information about transactional processing. The dojo.data save function has a strong transactional feel to it, and the JsonRestStore? can transmit the opening/committing of transactions with headers without altering the data.
I will include a dojox.rpc.Client that includes provides #2 and #3.
Attachments (1)
Change History (8)
comment:1 follow-up: 2 Changed 13 years ago by
comment:2 Changed 13 years ago by
Replying to jburke:
It seems like you can get the same behavior today by attaching to dojo.xhr (new for Dojo 1.1). All dojo.xhr* methods delegate to dojo.xhr for doing the calls. Is that sufficient?
That would be great, but rawXhrPut and rawXhrPost do not go through dojo.xhr. Could these two functions be modified to go through dojo.xhr? I would be perfectly happy with that.
comment:3 follow-up: 4 Changed 13 years ago by
Ah, right. I forgot about those. OK, I'll see what I can do: either convert the raw calls to go through dojo.xhr or look at applying the patch.
comment:4 Changed 13 years ago by
Replying to jburke:
Ah, right. I forgot about those. OK, I'll see what I can do: either convert the raw calls to go through dojo.xhr or look at applying the patch.
Yeah, it seems like you need a way to pass the content entity (postData or putData) into dojo.xhr. Maybe in dojo.xhr:
args.postData | dfd.ioArgs.query; |
Then dojo.xhr could be called from those two functions.
comment:5 Changed 13 years ago by
I attached a patch for what seems a reasonable approach for making all the XHR calls (including rawXhrPut and rawXhrPost) go through dojo.xhr. I think I reduced the size xhr.js somewhat as well.
comment:6 Changed 13 years ago by
comment:7 Changed 13 years ago by
Resolution: | → fixed |
---|---|
Status: | new → closed |
It seems like you can get the same behavior today by attaching to dojo.xhr (new for Dojo 1.1). All dojo.xhr* methods delegate to dojo.xhr for doing the calls. Is that sufficient?