AjaxInteractions (diff)

Changes between Version 2 and Version 3 of AjaxInteractions

joncol (IP:
10/03/06 18:08:41 (11 years ago)

further formatting correction


  • AjaxInteractions

    v2 v3  
    2323- Aligned Validation 
    25 View Configuration 
     25'''View Configuration''' 
    2627Of course the first thing done is to turn layout off, in addition common 'simple' templates can be used by a number of actions to output appropriate content.  I refer to a template to output JSON of course.  Whilst many will shout the JSON can be encapsulated in the response header, there are a number of cases where the header does not have the capacity to hold the appropriate content (furthermore the capacity of header elements varies between browsers, i think).  Another reason to use response bodies is to contain debug before inserting 'return sfView::HEADER_ONLY;' 
    28 Security Measures 
     29'''Security Measures''' 
    2931Now I am not going to discuss the revelence or effectiveness of the measures, but there's nowt wrong with pinning down how your application is interacted with. 
    3032Firstly, I like to use the POST method for all AJAX requests; this is because most requests do convey data, and any robot trawling your site for url is likely to use GET when it starts sniffing around.  A request header attribute that the Prototype library automatically enters in requests is X_REQUESTED_WITH = XMLHttpRequest.  This is another filting point (if you wanted to go further, you could add further custom headers, however anyone going that would inspect the source to ascertain the key.  If your data is that precious, you should ensure the client is authenticated in some way). 
    32 Validation 
    3336Keeping AJAX actions in the same module provides a great amount of visibility relating to what validation is being conducted upon incoming vars.  Furthermore as AJAX will no doubt be dealing with JS/PHP/custom dataformats and structures, custom validators can be employed to ensure the more complex strings are valid.  I use a validator to ensure a serialized PHP array generated by JS is well formed before I allow the action to have it.
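
Review bot: the unchanged Security Measures paragraph (v3 lines 31-32) describes requiring POST and checking X_REQUESTED_WITH = XMLHttpRequest as a filtering point, but both are values the requesting client sets itself, so the text should say plainly that they only narrow how the action is called and that the authentication it mentions in the closing parenthesis is the actual control. Since this revision is a formatting correction, the same paragraph could also have "revelence" and "filting" fixed, along with "anyone going that", which is missing a word. The headings for View Configuration and Security Measures are shown converted to '''bold''' markup, while the removed "Validation" heading at v2 line 32 has no visible v3 counterpart in this view; confirm it received the same markup.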