Skip to main content

Dojo and Rails CSRF

If you're using Dojo and Rails & are having some issues with asyncs to your server being rejected, consider employing the following in your xhr or JsonRest:

headers: {
 "X-CSRF-Token": query("meta[name='csrf-token']").attr("content")

In my particular situation, I was trying to do HTTP POSTs and Rails was terminating my session likely because it perceived the lack of a CSRF token as a hijack attempt.  The code here simply adds the token as an HTTP header in the request.

I think once I've had some time with this fix, I might look at subclassing these objects for my project and pre-populating the header.  Then I'll simply substitute my implementations for the default Dojo ones.

Which - come to think of it - would probably make for a good case when discussing the advantages of AMD.

Fear not, if you happen to be using jQuery and are experiencing this issue, here's an equivalent solution.

Popular posts from this blog

Amazon in Winnipeg?

Late last week, Amazon put word out that they're starting to look for a city to locate a second headquarters.  The fuel this announcement provides has the hype train in Winnipeg going so fast, it's missing stops.

I'm curious though.  As you've been digesting this exciting news, who have you spoken or listened to?
Was it this guy and his party's historic theft of public infrastructure (pdf) and incompetence with digital strategy? Or how about this guy, who maintains that Winnipeg doesn't need a proper rapid transit option?  You know, the kind that might actually catch the eye of handsome Amazon who now has Winnipeg trying to be the belle of the ball.

Runner up articles are Winnipeg's inability to join the 21st centry on active transport and the compounding of the aforementioned digital strategy mistakes.
Stop Listening to These Guys They are not technology experts. At worst, they're unabashed self promoters. At best they're conduits for very bad pol…

The Cons, Winnipeg's New Splash Pads

I never had the chance to be ungrateful, the new splash pad at Kildare and Wabasha isn't a splash pad at all.  It was taken away from us and replaced with an "aquatic park", a little bit of wordsmithing designed to gloss over the fact that an open piece of our community has been replaced with yet another closed gate.

As I write this post now, I can hear it already: "Taken away, what?! It's a new water park, you're so..."
Sure, some might reach for that tired recrimination, which is why I started this blog post by dismissing such a premise.  To be fair however, I offer the response: Don't spoil this discussion with nonsense.
You see, I was grateful before the renovations happened.  The communal service on offer was adequate and I never complained about it or saw it as flawed.  Don't believe me? Here, this is a cute google-generated animation of my son enjoying the splash pad in 2014.

Today we took the kids to see if we could spend some time at th…

Winnipeg Devs! Let's get WPL to carry O'Reilly Safari!

Short and sweet. I discovered the other day that the Toronto Public Library actually gives members access to O'Reilly Safari -- I was instantly jealous! You probably already know that this is a pretty good service chock-a-block full of great resources.

The good news is that we have a way to request new content from the Winnipeg Public Library.  This includes digital content, so I've done exactly that!
If you're interested in adding your voice to mine, I've put together a letter that you need to copy/paste and enter into their simple form. Here's a copy that you can read as part of this post:

This is a request for ongoing and full access to the complete O'Reilly Safari catalogue via a Winnipeg Public Library card. I am filing this under "Magazine Purchase" as it's not a single book, but an ongoing service. Following is a list of the most prominent benefits of adding this service to the collection:
O'Reilly produces extremely high quality conten…