Skip to content

Add postAjax() to Html Builder #45

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Dec 15, 2017
Merged

Add postAjax() to Html Builder #45

merged 3 commits into from
Dec 15, 2017

Conversation

ElfSundae
Copy link
Contributor

As @herzcthu said on #13 (comment) , minifiedAjax does not help for a "very big" table.

I think POST ajax is common as well as GET, so I'd like to add a new method postAjax() to the Html\Builder, and postAjax() has the same API as ajax().

$builder->postAjax();

equals:

$builder->ajax([
    'type' => 'POST',
    'headers' => [
        'X-CSRF-TOKEN' => 'xxxxxx',
    ],
]);
  • Except type and method, any other options will be merged into the final ajax parameter, users are free to set any options for ajax.
  • Using an empty string for url is unnecessary, so I did not fill the default url value. If there is a reason to provide a default url, I will add it.
  • Adding X-CSRF-TOKEN header is a safe way to handle CSRF protection. It does not touch/care ajax.data, ajax.beforeSend, jQuery.ajaxPrefilter, jQuery.ajaxSetup, even existing ajax.headers.X-CSRF-TOKEN.

@yajra
Copy link
Owner

yajra commented Nov 28, 2017

Nice idea on adding the token header. The PR looks good but will some actual test within the week. Thanks!

I think we should also note that there is an implication here on the routes. If you are using resource controller, then the request would go to the store method.

@ElfSundae
Copy link
Contributor Author

@yajra Yeah, you are right, thanks for reminding. I did not notice resource controllers as I use my custom resource routes&controller instead of Laravel built-in Route::resource().

Adding a POST route to index may be a workaround?

Route::post('users', 'UserController@index');
Route::resource('users', 'UserController', ['except' => 'store']);

I know it is not an elegant solution, I am not familiar with Laravel resource controller...

@ElfSundae
Copy link
Contributor Author

Another solution: set X-HTTP-Method-Override HTTP header to GET, with POST Ajax method. And we don't need to set CSRF token.

- if (app()->bound('session') && $token = app('session')->token()) {
-     $attributes = Arr::add($attributes, 'headers.X-CSRF-TOKEN', $token);
- }
+ Arr::set($attributes, 'headers.X-HTTP-Method-Override', 'GET');

But we should note that using postAjax() does not mean your route method should be POST as well, contrarily, you need to register your route as GET. is this a problem?

@ElfSundae
Copy link
Contributor Author

Another solution: Remove parameters for postAjax(), and the postAjax() just acts "Ajax via POST":

$builder->ajax(...)->postAjax();

Or maybe better to do this by changing Builder::ajax() method:

public function ajax($attributes = '', $post = false)

I will submit a new PR for this.

@ElfSundae ElfSundae mentioned this pull request Nov 28, 2017
Closed
@ElfSundae ElfSundae closed this Dec 7, 2017
@ElfSundae ElfSundae reopened this Dec 15, 2017
@yajra yajra merged commit ebba497 into yajra:3.0 Dec 15, 2017
@yajra
Copy link
Owner

yajra commented Dec 15, 2017

Released on v3.3.0 🎊 🚀

@ElfSundae ElfSundae deleted the post-ajax branch December 15, 2017 16:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ElfSundae @yajra