Skip to main content

Dojo and Rails CSRF

If you're using Dojo and Rails & are having some issues with asyncs to your server being rejected, consider employing the following in your xhr or JsonRest:

headers: {
 "X-CSRF-Token": query("meta[name='csrf-token']").attr("content")
}

In my particular situation, I was trying to do HTTP POSTs and Rails was terminating my session likely because it perceived the lack of a CSRF token as a hijack attempt.  The code here simply adds the token as an HTTP header in the request.

I think once I've had some time with this fix, I might look at subclassing these objects for my project and pre-populating the header.  Then I'll simply substitute my implementations for the default Dojo ones.

Which - come to think of it - would probably make for a good case when discussing the advantages of AMD.

Fear not, if you happen to be using jQuery and are experiencing this issue, here's an equivalent solution.

Popular posts from this blog

Making TypeScript npm Packages

If you've landed here, I can only assume you're like me and see packages as the highest form of sophistication in software development.  In that same vein, I bet at some point in the past you've wished you could start applying DRY principles to your client-side efforts.  I know for myself, I don't enjoy writing the same application bootstrap code constantly and so recently, I was motivated to codify it.

This body of understanding has taken me quite some while to figure out, hopefully what I share here is helpful enough to get you up to speed.  No post is complete without some kind of example, so throughout I'm going to reference a package I've just finished putting together called protoculture.

Briefly described, protoculture encapsulates all the common bootstrap and conventions I've been using while developing TypeScript apps that use React and Redux.  Honestly, I've already gotten a lot of benefit out of putting this package together, but nothing about…

The Cons, Winnipeg's New Splash Pads

I never had the chance to be ungrateful, the new splash pad at Kildare and Wabasha isn't a splash pad at all.  It was taken away from us and replaced with an "aquatic park", a little bit of wordsmithing designed to gloss over the fact that an open piece of our community has been replaced with yet another closed gate.

As I write this post now, I can hear it already: "Taken away, what?! It's a new water park, you're so..."
Sure, some might reach for that tired recrimination, which is why I started this blog post by dismissing such a premise.  To be fair however, I offer the response: Don't spoil this discussion with nonsense.
You see, I was grateful before the renovations happened.  The communal service on offer was adequate and I never complained about it or saw it as flawed.  Don't believe me? Here, this is a cute google-generated animation of my son enjoying the splash pad in 2014.

Today we took the kids to see if we could spend some time at th…

Building .NET Core Nuget Packages

My last blog post was on building and publishing npm packages, specifically for typescript projects. In my opinion, packages are an important fundamental unit in software development. They sit at the confluence of technical competence and collaboration, and represent something the software community should be proud of.
Most of the time, you're going to be creating software packages once you're comfortable with some essential pillars: CodingProject structureSoftware architectureBuildingDeliveryCommunityLicensing
After I got my npm package up and running, my next task was to do the same thing with my C# libraries. Similar to protoculture, I have made a library called praxis.  This is done by leveraging the services and tooling known in the .NET ecosystem as nuget.


In this case, praxis abstracts many of the concepts and functionality I require when producing server projects. It builds on top of ASP.NET Core, so in that sense you can almost think of it as a framework-framework. The…