Welcome Guest, Not a member yet? Register   Sign In
Poll: Ajax library?
You do not have permission to vote in this poll.
yes
36.73%
18 36.73%
no
51.02%
25 51.02%
maybe
12.24%
6 12.24%
Total 49 vote(s) 100%
* You voted for this item. [Show Results]

[split] Ajax library?
#11

(04-14-2015, 09:44 AM)mwhitney Wrote:
(04-10-2015, 05:05 PM)blocSonic Wrote: Controllers should be able to detect request types... including Ajax requests.

How do you suggest the controller detect an AJAX request? HTTP_X_REQUESTED_WITH (the server variable checked by $this->input->is_ajax_request()) represents a non-standard header sent (or not) by the client to indicate an AJAX request, but (especially as a non-standard header), there is no requirement for that header to be present alongside an AJAX request.

From the server's perspective, there is otherwise no difference between an AJAX request or a normal request. For this reason, it's largely up to the developer to create a good API for their site and stick to it. If someone sends a non-AJAX request to a method which was designed to only handle AJAX requests, they should be expected to handle the returned data correctly, rather than expecting the server to detect that they didn't use an XmlHttpRequest (and spelling that out brings up the point that the correct return type for an AJAX request isn't set in stone, either).

The same way other frameworks do. I can't tell you what it is they do to determine it, but they do. It's not unrealistic to expect a framework to provide this ability.
Reply
#12

(This post was last modified: 04-14-2015, 11:43 PM by sv3tli0.)

Ok just a question.. AJAX means "asynchronous JavaScript and XML" why should CI supports it with special library?
By default there is just 1 header which is added inside AJAX requests so it can be recognised as Ajax, but it is not secured as anyone can added at browser requests or at curl crawlers and others..

The only important thing which CI has to cover is Request doesn't matter where it comes from ..
Framework never should be left to decide by itself what data type to return. This can be security Risk!
If you are working with AJAX and some API you have to specify the data type (xml, json or other) within the request and this doesn't have anything related with AJAX itself. You say to the api that you want xml and the API (CI app) is returning XML.. same for other types..
Best VPS Hosting : Digital Ocean
Reply
#13

(04-14-2015, 06:40 PM)blocSonic Wrote: The same way other frameworks do. I can't tell you what it is they do to determine it, but they do. It's not unrealistic to expect a framework to provide this ability.

I have yet to find a framework which determines whether a request is an AJAX request with any method other than that used by $this->input->is_ajax_request().

Further, most of them don't go significantly further than CI does in this respect by providing a method to check whether the request included the X-Requested-With header. The fact that this method is unreliable is the same across frameworks.

http://stackoverflow.com/questions/18260...t-with-php

As mentioned in the link above, there is no method of determining whether a particular request was an AJAX request which can not be spoofed, because all of them depend on the client. CSRF checks and other methods help, but, in the end, the client could still send a normal request disguised as an AJAX request.

Further, the client could send a valid AJAX request without the header, or the server could prevent the header from being passed to CI.

For these reasons, any controller method/action which is intended to be called by an AJAX request should always respond as it would to an AJAX request. I'm as guilty as anyone else of attempting to change the behavior of a method based on the presence of the X-Requested-With header, but it's a waste of time.
Reply
#14

I think that we should opt for a REST service, more than an AJAX library. My vote is no, I'd prefer to have a simple REST API, and with it you can create AJAX requests.
Reply
#15

My vote was No too, although a year ago I would have said yes.

Ajax is one of those things that I am using more and more heavily and I do so with CI without any issues at all. Would like to be able to use more subfolders on my controllers which would help, but in truth even that is now unnecessary with Wiredesignz modular code.

Perhaps someone could persuade Firefox to not insist on such strict JS implementation lol.
Reply




Theme © iAndrew 2016 - Forum software by © MyBB