1. #1
    Sencha Premium Member
    Join Date
    Feb 2009
    Location
    Boca Raton, FL
    Posts
    94
    Vote Rating
    1
    jimmifett is on a distinguished road

      0  

    Default extraParams for ALL crud operations?

    extraParams for ALL crud operations?


    How can I get extraParams passed for store api crud operations other than only Read operations?

    Example, I have a string that i want to pass back to the server, in addition to the other Create/Update/Delete data, to validate against to prevent cross site request forgeries.

    Everything is just fine with read operations and works peachy.

  2. #2
    Sencha - Ext JS Dev Team
    Join Date
    Jun 2011
    Location
    San Diego, CA
    Posts
    226
    Vote Rating
    43
    nohuhu has a spectacular aura about nohuhu has a spectacular aura about nohuhu has a spectacular aura about

      0  

    Default


    I don't really think that would fit into RPC concept. The idea is to have transparent mapping between server and client methods; there is no default mechanism for passing metadata. That said, it should be possible to do with some custom hacks but I doubt that it makes sense to implement on the framework level.

    Also, it's not necessary to do this for XSS prevention. Typical session tokens stored in HttpOnly cookies are a lot easier to implement and they provide good enough protection. At least, I can't think of any practical scenario for XSS attack in that case.

    Regards,
    Alex.

  3. #3
    Sencha Premium Member
    Join Date
    Feb 2009
    Location
    Boca Raton, FL
    Posts
    94
    Vote Rating
    1
    jimmifett is on a distinguished road

      0  

    Default


    I found a solution that works excellently, overriding the remoting provider to add another base field to the json packet for every call without needing to rely on extraParams

  4. #4
    Sencha User
    Join Date
    Aug 2009
    Posts
    113
    Vote Rating
    0
    lpastor is on a distinguished road

      0  

    Default


    Hello,

    Could you give your solution I am interested...

    Laurent

  5. #5
    Sencha Premium Member
    Join Date
    Feb 2009
    Location
    Boca Raton, FL
    Posts
    94
    Vote Rating
    1
    jimmifett is on a distinguished road

      0  

    Default


    If my apps require it and set a certain flag, when I return the API, I inject a little snippet to the end of the API.

    PHP Code:
        /**
        * @output true
        */
        
    private void function useCSRF(){
            
    WriteOutput("Ext.direct.RemotingProvider.override( { getCallData: function(transaction){ return { action: transaction.action, method: transaction.method, data: transaction.data, type: 'rpc', tid: transaction.id, csrftoken: '" CSRFGenerateToken() & "' }; } } );");
            
    WriteOutput("Ext.direct.RemotingProvider.override({sendFormRequest: function(transaction){Ext.apply(transaction.params, { csrftoken : '" CSRFGenerateToken() & "' }); Ext.Ajax.request({url: this.url,params: transaction.params,callback: this.onData,scope: this,form: transaction.form,isUpload: transaction.isUpload,transaction: transaction});}});");
        } 

Thread Participants: 2