diff options
| author | Igor Minar | 2011-06-29 00:25:13 -0700 |
|---|---|---|
| committer | Igor Minar | 2011-06-30 00:34:50 -0700 |
| commit | c5f3a413bc00acf9ac1046fb15b454096a8890c6 (patch) | |
| tree | 9000f1f5f377d5f022aa8e338dfe810dc913d282 /src/service/xhr.js | |
| parent | d3fb5b411e979d0a4815c663c3489652fc5350f9 (diff) | |
| download | angular.js-c5f3a413bc00acf9ac1046fb15b454096a8890c6.tar.bz2 | |
feat:$xhr: provide access to $xhr header defaults
$xhr header defaults are now exposed as $xhr.defaults.headers.common and
$xhr.default.headers.<httpmethod>. This allows applications to configure
their defaults as needed.
This commit doesn't allow headers to be set per request, only per
application. Per request change would require api change, which I tried
to avoid *for now*.
Diffstat (limited to 'src/service/xhr.js')
| -rw-r--r-- | src/service/xhr.js | 42 |
1 files changed, 38 insertions, 4 deletions
diff --git a/src/service/xhr.js b/src/service/xhr.js index 62b27263..d26cda42 100644 --- a/src/service/xhr.js +++ b/src/service/xhr.js @@ -24,6 +24,22 @@ * and process it in application specific way, or resume normal execution by calling the * request callback method. * + * # HTTP Headers + * The $xhr service will automatically add certain http headers to all requests. These defaults can + * be fully configured by accessing the `$xhr.defaults.headers` configuration object, which + * currently contains this default configuration: + * + * - `$xhr.defaults.headers.common` (headers that are common for all requests): + * - `Accept: application/json, text/plain, *\/*` + * - `X-Requested-With: XMLHttpRequest` + * - `$xhr.defaults.headers.post` (header defaults for HTTP POST requests): + * - `Content-Type: application/x-www-form-urlencoded` + * + * To add or overwrite these defaults, simple add or remove a property from this configuration + * object. To add headers for an HTTP method other than POST, simple create a new object with name + * equal to the lowercased http method name, e.g. `$xhr.defaults.headers.get['My-Header']='value'`. + * + * * # Security Considerations * When designing web applications your design needs to consider security threats from * {@link http://haacked.com/archive/2008/11/20/anatomy-of-a-subtle-json-vulnerability.aspx @@ -126,7 +142,21 @@ </doc:example> */ angularServiceInject('$xhr', function($browser, $error, $log, $updateView){ - return function(method, url, post, callback){ + + var xhrHeaderDefaults = { + common: { + "Accept": "application/json, text/plain, */*", + "X-Requested-With": "XMLHttpRequest" + }, + post: {'Content-Type': 'application/x-www-form-urlencoded'}, + get: {}, // all these empty properties are needed so that client apps can just do: + head: {}, // $xhr.defaults.headers.head.foo="bar" without having to create head object + put: {}, // it also means that if we add a header for these methods in the future, it + 'delete': {}, // won't be easily silently lost due to an object assignment. + patch: {} + }; + + function xhr(method, url, post, callback){ if (isFunction(post)) { callback = post; post = null; @@ -155,8 +185,12 @@ angularServiceInject('$xhr', function($browser, $error, $log, $updateView){ } finally { $updateView(); } - }, { - 'X-XSRF-TOKEN': $browser.cookies()['XSRF-TOKEN'] - }); + }, extend({'X-XSRF-TOKEN': $browser.cookies()['XSRF-TOKEN']}, + xhrHeaderDefaults.common, + xhrHeaderDefaults[lowercase(method)])); }; + + xhr.defaults = {headers: xhrHeaderDefaults}; + + return xhr; }, ['$browser', '$xhr.error', '$log', '$updateView']); |