Hybrid View

  1. #1
    Sencha Premium Member
    Join Date
    Feb 2009
    Location
    Boca Raton, FL
    Posts
    94
    Vote Rating
    1
    jimmifett is on a distinguished road

      0  

    Default extraParams for ALL crud operations?

    extraParams for ALL crud operations?


    How can I get extraParams passed for store api crud operations other than only Read operations?

    Example, I have a string that i want to pass back to the server, in addition to the other Create/Update/Delete data, to validate against to prevent cross site request forgeries.

    Everything is just fine with read operations and works peachy.

  2. #2
    Sencha - Ext JS Dev Team
    Join Date
    Jun 2011
    Location
    San Diego, CA
    Posts
    191
    Vote Rating
    37
    nohuhu has a spectacular aura about nohuhu has a spectacular aura about

      0  

    Default


    I don't really think that would fit into RPC concept. The idea is to have transparent mapping between server and client methods; there is no default mechanism for passing metadata. That said, it should be possible to do with some custom hacks but I doubt that it makes sense to implement on the framework level.

    Also, it's not necessary to do this for XSS prevention. Typical session tokens stored in HttpOnly cookies are a lot easier to implement and they provide good enough protection. At least, I can't think of any practical scenario for XSS attack in that case.

    Regards,
    Alex.

  3. #3
    Sencha Premium Member
    Join Date
    Feb 2009
    Location
    Boca Raton, FL
    Posts
    94
    Vote Rating
    1
    jimmifett is on a distinguished road

      0  

    Default


    I found a solution that works excellently, overriding the remoting provider to add another base field to the json packet for every call without needing to rely on extraParams

  4. #4
    Sencha User
    Join Date
    Aug 2009
    Posts
    113
    Vote Rating
    0
    lpastor is on a distinguished road

      0  

    Default


    Hello,

    Could you give your solution I am interested...

    Laurent

  5. #5
    Sencha Premium Member
    Join Date
    Feb 2009
    Location
    Boca Raton, FL
    Posts
    94
    Vote Rating
    1
    jimmifett is on a distinguished road

      0  

    Default


    If my apps require it and set a certain flag, when I return the API, I inject a little snippet to the end of the API.

    PHP Code:
        /**
        * @output true
        */
        
    private void function useCSRF(){
            
    WriteOutput("Ext.direct.RemotingProvider.override( { getCallData: function(transaction){ return { action: transaction.action, method: transaction.method, data: transaction.data, type: 'rpc', tid: transaction.id, csrftoken: '" CSRFGenerateToken() & "' }; } } );");
            
    WriteOutput("Ext.direct.RemotingProvider.override({sendFormRequest: function(transaction){Ext.apply(transaction.params, { csrftoken : '" CSRFGenerateToken() & "' }); Ext.Ajax.request({url: this.url,params: transaction.params,callback: this.onData,scope: this,form: transaction.form,isUpload: transaction.isUpload,transaction: transaction});}});");
        } 

Thread Participants: 2

Turkiyenin en sevilen filmlerinin yer aldigi xnxx internet sitemiz olan ve porn sex tarzi bir site olan mobil porno izle sitemiz gercekten dillere destan bir durumda herkesin sevdigi bir site olarak tarihe gececege benziyor. Sitenin en belirgin ozelliklerinden birisi de Turkiyede gercekten kaliteli ve muntazam, duzenli porno izle siteleri olmamasidir. Bu yuzden iste. Ayrica en net goruntu kalitesine sahip adresinde yayinlanmaktadir. Mesela diğer sitelerimizden bahsedecek olursak, en iyi hd porno video arşivine sahip bir siteyiz. "The Best anal porn videos and slut anus, big asses movies set..." hd porno faketaxi