@sudhirsb2003
Created July 5, 2011 11:50
Naive CSRF-protection: Rails 3 and Ext.js 4's Ext.data.RestProxy
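// Mixin that reads the CSRF parameter name and token from the
// csrf-param and csrf-token meta tags Rails renders into the page head.
Ext.define('Ext.rails.ForgeryProtection', {
    // Returns { <csrf-param>: <csrf-token> }, or {} if either tag or its
    // content attribute is missing.
    csrfParams: function() {
        var params = {};
        var metaCsrfParam = Ext.select('meta[name=csrf-param]').item(0);
        var metaCsrfToken = Ext.select('meta[name=csrf-token]').item(0);
        if (metaCsrfParam != undefined && metaCsrfToken != undefined) {
            var name = metaCsrfParam.getAttribute('content');
            var value = metaCsrfToken.getAttribute('content');
            if (name != undefined && value != undefined) {
                params[name] = value;
            }
        }
        return params;
    }
});

// REST proxy (alias 'railsrest') that adds the Rails CSRF token to every
// non-read request.
Ext.define('Ext.rails.RestProxy', {
    extend: 'Ext.data.RestProxy',
    mixins: {
        forgeryProtection: 'Ext.rails.ForgeryProtection'
    },
    alias: 'proxy.railsrest',
    buildRequest: function(operation) {
        var request = this.callParent([operation]);
        // Reads are skipped: Rails does not verify the token on GET requests.
        if (operation.action != 'read') {
            // applyIf leaves a parameter of the same name untouched if it is
            // already set. The token is sent as a request parameter; Rails
            // also accepts it in the X-CSRF-Token header, which keeps it out
            // of query strings and access logs.
            Ext.applyIf(request.params, this.csrfParams());
        }
        return request;
    }
});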