| author | Misko Hevery | 2011-03-10 13:50:00 -0800 | 
|---|---|---|
| committer | Misko Hevery | 2011-03-11 14:16:53 -0800 | 
| commit | c578f8c3ed0ca23b03ccde146cb13cfaf24f17cd (patch) | |
| tree | 12182c82ee4411091b6d92f81829dd52f8792e27 /src/Browser.js | |
| parent | 5b05c0de036f77db0cc493082e21b1451c6b9a5f (diff) | |
Added XSRF prevention logic to $xhr service
Diffstat (limited to 'src/Browser.js')
| -rw-r--r-- | src/Browser.js | 20 | 
1 files changed, 16 insertions, 4 deletions
diff --git a/src/Browser.js b/src/Browser.js
index fe6220ed..abafb2a5 100644
--- a/src/Browser.js
+++ b/src/Browser.js
@@ -7,6 +7,11 @@ var XHR = window.XMLHttpRequest || function () {
   try { return new ActiveXObject("Msxml2.XMLHTTP"); } catch (e3) {}
   throw new Error("This browser does not support XMLHttpRequest.");
 };
+var XHR_HEADERS = {
+  "Content-Type": "application/x-www-form-urlencoded",
+  "Accept": "application/json, text/plain, */*",
+  "X-Requested-With": "XMLHttpRequest"
+};
 /**
  * @private
@@ -72,11 +77,18 @@ function Browser(window, document, body, XHR, $log) {
    * @param {string} url Requested url
    * @param {?string} post Post data to send (null if nothing to post)
    * @param {function(number, string)} callback Function that will be called on response
+   * @param {object=} header additional HTTP headers to send with XHR.
+   *   Standard headers are:
+   *   <ul>
+   *     <li><tt>Content-Type</tt>: <tt>application/x-www-form-urlencoded</tt></li>
+   *     <li><tt>Accept</tt>: <tt>application/json, text/plain, */*</tt></li>
+   *     <li><tt>X-Requested-With</tt>: <tt>XMLHttpRequest</tt></li>
+   *   </ul>
    *
    * @description
    * Send ajax request
    */
-  self.xhr = function(method, url, post, callback) {
+  self.xhr = function(method, url, post, callback, headers) {
     outstandingRequestCount ++;
     if (lowercase(method) == 'json') {
       var callbackId = "angular_" + Math.random() + '_' + (idCounter++);
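Review bot: In the second hunk, the added doc line for the Accept header contains a literal `*/*`, and its `*/` ends the JSDoc block early, so the rest of that line and the comment lines after it would be parsed as code. Writing the asterisks as entities keeps the comment intact: `<tt>application/json, text/plain, &#42;/&#42;</tt>`. The new tag also documents `header` while the parameter added to the signature is `headers`; `@param {object=} headers` would match. The body of `self.xhr` continues outside the hunk.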
@@ -92,9 +104,9 @@ function Browser(window, document, body, XHR, $log) {
     } else {
       var xhr = new XHR();
       xhr.open(method, url, true);
-      xhr.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
-      xhr.setRequestHeader("Accept", "application/json, text/plain, */*");
-      xhr.setRequestHeader("X-Requested-With", "XMLHttpRequest");
+      forEach(extend(XHR_HEADERS, headers || {}), function(value, key){
+        if (value) xhr.setRequestHeader(key, value);
+      });
       xhr.onreadystatechange = function() {
         if (xhr.readyState == 4) {
           completeOutstandingRequest(callback, xhr.status || 200, xhr.responseText);  |
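Review bot: `extend(XHR_HEADERS, headers || {})` appears to copy the per-request headers into the shared `XHR_HEADERS` object declared in the first hunk, assuming `extend` writes into its first argument and returns it (it is not defined in this diff). If so, any header passed for one request, including the anti-XSRF token this commit is meant to carry, stays in the defaults and goes out on every later XHR whatever its URL. Merging into a fresh object avoids that: `forEach(extend(extend({}, XHR_HEADERS), headers || {}), function(value, key){`. A spec that issues two requests, the second without `headers`, and asserts the extra header is absent would pin the behaviour. The enclosing `self.xhr` body extends beyond the hunk.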
