Where should I put my CSRF token in my Ember application?

Time: 2023-01-13 23:11:42

I have a csrf token dumped into a JS variable on window. I have a form that makes AJAX requests (without Ember Data) from the controller. In my request I need to pass along the csrf token. Where are the recommended places to put this token in Ember? Right now I am grabbing it off window but I realize this is bad for testability. My first thought is to register it into the container. I'm pretty new to Ember so any feedback would be much appreciated!

2 solutions

#1


Like @Kingpin2k said, it really doesn't need to be injected into the ember app. You can do it using jquery if you're making an ajax call. One simple way is,

  1. declare your csrf on the server side inside a meta tag's content.
  2. grab it from the meta tag by its name.
  3. use it (e.g. as a header) with jquery (if you want to use it with every ajax request you can do it using ajaxSetup).

Something like this.

<meta name="csrf-token" content="{{ csrf_token() }}">
<script type="text/javascript">
  // Add x-csrf-token to all ajax request
  $.ajaxSetup({
      headers: {
          'X-CSRF-Token': $('meta[name="csrf-token"]').attr('content')
      }
  });
</script>

#2


Depending on whether you are using Ember-cli with modules or just using a global namespace, I have different preferences.

If it's global namespace, I prefer just tossing it in the root of the global namespace.

If it's cli, I often have a session service, and I'd just pull it from the window there, or under testing circumstances, allow it to come from another location e.g. csrf = Testing.csrf || window.csrf or something along those lines.

Also, in certain circumstances, it really doesn't need to be injected into the ember app. You can just hook it into jquery to execute on all ajax requests and then not have to think about it in regards to ember itself, since it really isn't related to ember, it's more related to the communication protection being used in jquery with your server.
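
An added example, not code from either answer: it combines the injectable token source from answer #2 with the header approach from answer #1. Because `$.ajaxSetup` headers go on every jQuery request whatever its destination, the header decision here is limited to state-changing, same-origin requests. The names `createCsrfSource` and `csrfHeadersFor`, the sample origin and the sample token are assumptions made for illustration.

```javascript
'use strict';
// Added example; createCsrfSource and csrfHeadersFor are hypothetical names.
const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS', 'TRACE']);

// The token lookup is injected, so tests pass a fake instead of touching window.
function createCsrfSource(readToken) {
  return {
    get token() {
      const t = readToken();
      return typeof t === 'string' && t.length > 0 ? t : null;
    }
  };
}

// Headers to add for one request: the token goes only on state-changing
// requests addressed to the page's own origin.
function csrfHeadersFor(method, url, pageOrigin, source) {
  if (SAFE_METHODS.has(String(method).toUpperCase())) return {};
  let target, page;
  try {
    page = new URL(pageOrigin);
    target = new URL(url, page); // resolves relative URLs against the page
  } catch (e) {
    return {}; // unparseable URL: send no token
  }
  if (target.origin !== page.origin) return {};
  const token = source.token;
  return token ? { 'X-CSRF-Token': token } : {};
}

// Browser wiring with jQuery, left as a comment because it needs a DOM:
// const source = createCsrfSource(() =>
//   $('meta[name="csrf-token"]').attr('content'));
// $.ajaxPrefilter(function (options, originalOptions, jqXHR) {
//   const h = csrfHeadersFor(options.type, options.url, location.origin, source);
//   Object.keys(h).forEach(function (k) { jqXHR.setRequestHeader(k, h[k]); });
// });

// Constructed sample values, runnable under Node to show the decisions.
const fakeSource = createCsrfSource(() => 'constructed-token-123');
const PAGE = 'https://app.example.test';
console.log(csrfHeadersFor('POST', '/api/orders', PAGE, fakeSource));
console.log(csrfHeadersFor('POST', 'https://cdn.example.net/log', PAGE, fakeSource));
console.log(csrfHeadersFor('GET', '/api/orders', PAGE, fakeSource));
```

In an Ember-cli app the source object can live on a session service, with the test suite constructing it from a fixed string.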