knivets closed 5 years ago
A contentType or etc. can be added inside `req` by augmenting the `params` argument.
So the only use case for those methods here is to not type `method: 'post'` inside `params`.
The rationale is to simplify the interface for ajax calls done by the components such as to mitigate potential issues like CVE-2015-9251: "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed."
Maybe I'm missing something but can't we add the needed parameters inside the `req` implementation, like this:

```js
req: function(params, doneCb, failCb){
  // Fall back to the shared error handler when no failure callback is given.
  if(!failCb) failCb = handleRequestError;
  // Defaults applied to every request.
  params.contentType = 'application/json';
  params.authentication = 'http';
  return $.ajax(params).done(doneCb).fail(failCb);
},
```
Can we have `get`, `post`, `put`, `patch`, `delete` methods in the `httpMixin`? With parameters:

The idea is that `httpMixin` methods add the contentType, dataType and authorization headers to prevent issues like CVE-2015-9251.
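
One way the verb helpers discussed in this thread could pin `dataType` on every call, as an added example that is not the project's code. `makeHttpMixin`, `getToken`, the injected transport (standing in for `$.ajax`) and the `Bearer` scheme are assumptions.

```javascript
// Added example: verb helpers that always pin dataType, so a response is never
// auto-evaluated as script (the CVE-2015-9251 condition quoted in the thread).
// makeHttpMixin, getToken and recordingAjax are hypothetical names.
function makeHttpMixin(ajax, getToken) {
  function req(method, url, data, extra) {
    // Caller options first, enforced options last so they cannot be overridden.
    const params = Object.assign({}, extra, {
      url: url,
      method: method,
      // Explicit dataType: jQuery parses the body as JSON instead of
      // inferring a type from the response Content-Type.
      dataType: 'json',
      contentType: 'application/json',
    });
    // Copy caller headers, then set Authorization last (scheme is assumed).
    params.headers = Object.assign({}, extra && extra.headers);
    const token = getToken();
    if (token) params.headers.Authorization = 'Bearer ' + token;
    // GET data becomes the query string; other verbs send a JSON body.
    if (data !== undefined) {
      params.data = method === 'GET' ? data : JSON.stringify(data);
    }
    return ajax(params);
  }
  const mixin = { req: req };
  ['get', 'post', 'put', 'patch', 'delete'].forEach(function (verb) {
    mixin[verb] = function (url, data, extra) {
      return req(verb.toUpperCase(), url, data, extra);
    };
  });
  return mixin;
}

// Constructed stand-in for $.ajax that records what it was asked to send.
function recordingAjax(log) {
  return function (params) { log.push(params); return params; };
}

const sent = [];
const http = makeHttpMixin(recordingAjax(sent), function () { return 'constructed-token'; });
http.post('/api/items', { name: 'x' });
// A caller asking for script evaluation is overridden back to JSON.
http.get('/api/items', { page: 2 }, { dataType: 'script' });
console.log(sent.map(function (p) { return p.method + ' ' + p.dataType; }));
```

In a component, `$.ajax` would be passed as the transport, and `.done()` / `.fail()` can be chained on the returned jqXHR as in `req` above.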