Opened 11 years ago

Closed 11 years ago

#6525 closed enhancement (fixed)

onXhrSend

Reported by: kriszyp Owned by: James Burke
Priority: high Milestone: 1.2
Component: IO Version: 1.1.0
Keywords: Cc:
Blocked By: Blocking:

Description

Add a listener for XHR calls. This would enable devs to add certain headers uniformly for all XHR calls (without having to modify the call-site code). The following are some proposed usages:

  1. Adding an explicit authentication/validation token for each XHR request to prevent CSRF attacks. This is also known as double submitting when you use a cookie value as the validation token.
  2. Adding a client id to XHR requests. This can be used to create a session for maintaining state information that will not have cross-tab interference.
  3. Adding a sequence id to XHR requests. This provides a mechanism for deterministic message ordering (HTTP is not deterministic).
  4. Add information about transactional processing. The dojo.data save function has a strong transactional feel to it, and the JsonRestStore can transmit the opening/committing of transactions with headers without altering the data.

I will include a dojox.rpc.Client that provides #2 and #3.

Attachments (1)

xhr.diff (4.8 KB) - added by kriszyp 11 years ago.
XHR patch


Change History (8)

comment:1 Changed 11 years ago by James Burke

It seems like you can get the same behavior today by attaching to dojo.xhr (new for Dojo 1.1). All dojo.xhr* methods delegate to dojo.xhr for doing the calls. Is that sufficient?

comment:2 in reply to:  1 Changed 11 years ago by kriszyp

Replying to jburke:

It seems like you can get the same behavior today by attaching to dojo.xhr (new for Dojo 1.1). All dojo.xhr* methods delegate to dojo.xhr for doing the calls. Is that sufficient?

That would be great, but rawXhrPut and rawXhrPost do not go through dojo.xhr. Could these two functions be modified to go through dojo.xhr? I would be perfectly happy with that.

comment:3 Changed 11 years ago by James Burke

Ah, right. I forgot about those. OK, I'll see what I can do: either convert the raw calls to go through dojo.xhr or look at applying the patch.

comment:4 in reply to:  3 Changed 11 years ago by kriszyp

Replying to jburke:

Ah, right. I forgot about those. OK, I'll see what I can do: either convert the raw calls to go through dojo.xhr or look at applying the patch.

Yeah, it seems like you need a way to pass the content entity (postData or putData) into dojo.xhr. Maybe in dojo.xhr:

dfd.ioArgs.query = args.putData || args.postData || dfd.ioArgs.query;

Then dojo.xhr could be called from those two functions.

Changed 11 years ago by kriszyp

Attachment: xhr.diff added

XHR patch

comment:5 Changed 11 years ago by kriszyp

I attached a patch for what seems a reasonable approach for making all the XHR calls (including rawXhrPut and rawXhrPost) go through dojo.xhr. I think I reduced the size of xhr.js somewhat as well.

comment:6 Changed 11 years ago by James Burke

(In [13530]) Refs #6525: hasBody comes from the dojo.xhr call args.

comment:7 Changed 11 years ago by James Burke

Resolution: fixed
Status: new → closed

(In [13531]) Fixes #6525: all xhr calls go through dojo.xhr now. Thanks to Kris Zyp for the patch. I applied it with a slight mod to the postData and putData detection. Nice patch that reduces the code footprint, thanks Kris! Also fixed an incorrect test.
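
Use case 1 from the description (a double-submit CSRF token added at the single dispatch point), as an added example that is not part of the ticket or of Dojo's code. The cookie name, header name, and the helpers `readCookie`, `wrapXhr` and `verifyDoubleSubmit` are assumptions; `wrapXhr` accepts any function with the `(method, args, hasBody)` shape of dojo.xhr.

```javascript
// Assumed names; the token is assumed to use only URL-safe characters.
const CSRF_COOKIE = "csrf_token";
const CSRF_HEADER = "X-CSRF-Token";

// Parse a "k=v; k2=v2" string (document.cookie or a Cookie request header).
function readCookie(cookieString, name) {
  for (const part of String(cookieString || "").split(";")) {
    const eq = part.indexOf("=");
    if (eq > 0 && part.slice(0, eq).trim() === name) {
      return part.slice(eq + 1).trim();
    }
  }
  return null;
}

// Client side: wrap the one dispatcher every XHR helper delegates to, so the
// token is added uniformly and call sites stay unchanged.
// Hypothetical install: dojo.xhr = wrapXhr(dojo.xhr, getCookies, isSameOrigin)
function wrapXhr(xhr, getCookieString, sameOrigin) {
  return function (method, args, hasBody) {
    const token = readCookie(getCookieString(), CSRF_COOKIE);
    // Only same-origin requests get the header; sending it elsewhere would
    // disclose the token to a third party.
    if (token && sameOrigin(args.url)) {
      args = Object.assign({}, args, {
        headers: Object.assign({}, args.headers, { [CSRF_HEADER]: token }),
      });
    }
    return xhr(method, args, hasBody);
  };
}

// Server side: a state-changing request is accepted only when the header
// repeats the cookie value. Header keys are assumed to be lower-cased.
function verifyDoubleSubmit(method, headers) {
  if (["GET", "HEAD", "OPTIONS"].includes(method.toUpperCase())) return true;
  const cookie = readCookie(headers["cookie"], CSRF_COOKIE);
  const header = headers[CSRF_HEADER.toLowerCase()];
  if (!cookie || !header || cookie.length !== header.length) return false;
  let diff = 0; // no early exit on the first mismatching character
  for (let i = 0; i < cookie.length; i++) {
    diff |= cookie.charCodeAt(i) ^ header.charCodeAt(i);
  }
  return diff === 0;
}
```

The wrapper covers only calls that reach the wrapped function, which is why the raw PUT/POST paths discussed above had to be routed through the same dispatcher.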
