dynamiques de formulaires, autocompletion – Validation avec interrogation du serveur – … L’objet XMLHttpRequest • Initiative de Microsoft – Composant ActiveX de IE5 – Adopté par Mozilla 1.0 et Safari 1.2 ss.com/Content/Development/JavaScript/Articl es/GIFAsPipe/Index.cfm 10https://www.w3.org/TR/XMLHttpRequest/ 4 • Supporté par la majorité des navigateurs • Alternative souhaitable si JS désactivé XHR ActiveXObject) { xhr = new ActiveXObject("Microsoft.XMLHTTP"); } else if (window.XMLHttpRequest) { xhr = new XMLHttpRequest(); } } • Dans son contexte11 XHR en jQuery avec load()

almost entirely disregarded. Exam- ples: Prose form Correct Incorrect “XML HTTP request” XmlHttpRequest XMLHTTPRequest “new customer ID” newCustomerId newCustomerID “inner stopwatch” innerStopwatch innerStopWatch

cookies sent by the request (needs the cookie-parser middleware) .xhr true if the request is an XMLHttpRequest 5. Send a response to the client In the Hello World example we used the send() method of

var url = 'http://localhost:8181/context.json?sessionId=' + sessionId; var xhr = new XMLHttpRequest(); var isGet = data.length < 100; if (isGet) { xhr.withCredentials = true;

is OPTIONS. is('ajax') Check to see whether the current request came with X-Requested- With = XMLHttpRequest. is('ssl') Check to see whether the request is via SSL is('flash') Check to see whether the request }); JsHelper::request($url, $options = array()) Generate a JavaScript snippet to create an XmlHttpRequest or ‘AJAX’ request. Event Options complete - Callback to fire on complete. success - Callback JsHelper::submit($caption = null, $options = array()) Create a submit input button that enables XmlHttpRequest submitted forms. Options can include both those for FormHelper::submit() and JsBaseEngine::request()

OPTIONS. • is('ajax') Check to see whether the current request came with X-Requested-With = XMLHttpRequest. • is('ssl') Check to see whether the request is via SSL • is('flash') Check to see whether }); JsHelper::request($url, $options = array()) Generate a JavaScript snippet to create an XmlHttpRequest or ‘AJAX’ request. Event Options • complete - Callback to fire on complete. • success - Callback JsHelper::submit($caption = null, $options = array()) Create a submit input button that enables XmlHttpRequest submitted forms. Options can include both those for FormHelper::submit() and JsBaseEngine::request()

orgery Prior to release 1.1.1, this check was ignored if the HTTP header X-Requested- With: XMLHTTPRequest was present. This exception has been shown to be insecure and has been removed. For more information backwards-incompatible change. Applications that previously relied on a blanket exception for XMLHTTPRequest may need to be modified to explicitly include the XSRF token when making ajax requests. The

forgery Prior to release 1.1.1, this check was ignored if the HTTP header X-Requested-With: XMLHTTPRequest was present. This exception has been shown to be insecure and has been re- moved. For more information backwards-incompatible change. Applications that previously relied on a blanket exception for XMLHTTPRequest may need to be modified to explicitly include the XSRF token when making ajax requests. The

forgery Prior to release 1.1.1, this check was ignored if the HTTP header X-Requested-With: XMLHTTPRequest was present. This exception has been shown to be insecure and has been re- moved. For more information backwards-incompatible change. Applications that previously relied on a blanket exception for XMLHTTPRequest may need to be modified to explicitly include the XSRF token when making ajax requests. The

>>> c.get('/customers/details/', {'name': 'fred', 'age': 7}, ... HTTP_X_REQUESTED_WITH='XMLHttpRequest') …will send the HTTP header HTTP_X_REQUESTED_WITH to the details view, which is a good way as POST data with every POST request. For this reason, there is an alternative method: on each XMLHttpRequest, set a custom X-CSRFToken header to the value of the CSRF token. This is often easier, because made via an XMLHttpRequest, by checking the HTTP_X_REQUESTED_WITH header for the string 'XMLHttpRequest'. Most modern JavaScript libraries send this header. If you write your own XMLHttpRequest call (on the