flex-dev mailing list archives

From Alex Harui <aha...@adobe.com>
Subject Re: git commit: [flex-asjs] [refs/heads/develop] - CORS security. Allow auth credentials to be passed when using cross site calls. This is required as well as setting the Access-Control-Allow-Origin header on the server.
Date Tue, 11 Apr 2017 06:40:16 GMT
IMO, a bead is still best, but your proposed implementation isn't what I
would recommend.  With beads, we are trying for loose coupling, separation
of concerns, abstraction, encapsulation, and a bunch of other Computer
Science practices.  Hopefully, any communication between the strand and
bead is general and not specific to certain beads.  If your strand code
actually knows the type of the bead, then your code is probably not using
abstraction properly.

One pattern I like, that we've used in several components, is lifecycle
events.  So, the send() method might dispatch an event called
"prepareToSend".  That is only one line of new code.  Your CORS bead, and
anybody else's beads that add capabilities to HTTPService would simply
listen for that event, grab the element and fiddle with the element as
needed.  Other beads might add headers, scan the URL for exploits, etc.

HTH,
-Alex

On 4/10/17, 6:56 PM, "Justin Mclean" <justin@classsoftware.com> wrote:

>Hi,
>
>I’ll respond to your email in full later.
>
>Let’s assume we make it a bead.
>
>In this case it will add more lines of code (about a dozen) to
>HTTPService and will have a bigger cost to people who both use it and don’t
>use it. Currently it’s only a two line method and there’s no runtime cost
>to people who don’t use it.
>
>That doesn’t seem PAYG to me. Do you still think that is the best way
>forward? Or can you suggest another way to get this to work that is no
>cost to people who don’t use it?
>
>Here's what I think would need to be done. I would need to add something
>like this to the JS send method (or call new method(s) that do something
>similar).
>
>var noBeads:int = beads.length;
>for (var i:int = 0; i < noBeads; i++) {
>    if (beads[i] is CORSAuthenicationBead) {
>        element.withAuthenication =
>            (beads[i] as CORSAuthenicationBead).withAuthenication;
>    }
>}
>
>(withAuthenication needs to be set at runtime, not just when the bead is
>added)
>
>We could perhaps create a CORSAuthenicationBead and a
>CORSRuntimeAuthenicationBead, but that will add more code/cost; as well
>as the code above, we would also need to add code in addBead to
>set withAuthenication.
>
>But wait, addBead only exists on the AS side, not the JS side (unless I’m
>missing something):
>COMPILE::SWF
>public function addBead(bead:IBead):void
>
>And it looks like the set strand method is broken on JS:
> public function set strand(value:IStrand):void
> {
>     _strand = value;
>     if (_beads == null)
>     {
>         for each (var bead:IBead in beads)
>             addBead(bead);
>     }
>     
>     dispatchEvent(new org.apache.flex.events.Event("beadsAdded"));
>}
>
>So we would also need to add a JS version of addBead as well, with again more
>code and cost.
>
>So I’ll ask again: given the above, do you think that a bead is best here?
>Especially when it adds cost (runtime and size) to users whether they
>use it or not?
>
>Thanks,
>Justin
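
The "prepareToSend" lifecycle-event pattern from the reply above, as an added JavaScript sketch that is not part of the original thread or of the FlexJS code base. `HTTPService`, `CORSCredentialsBead`, `HeaderBead` and `fakeXhr` are hypothetical stand-ins, and the sketch assumes the credential switch discussed in the thread maps to the standard `XMLHttpRequest.withCredentials` property.

```javascript
// Added sketch of the "prepareToSend" lifecycle-event pattern; not FlexJS source.
// HTTPService, CORSCredentialsBead and HeaderBead are hypothetical stand-ins.

class HTTPService extends EventTarget {
  constructor(createElement) {
    super();
    this.createElement = createElement; // factory for the XMLHttpRequest-like element
    this.element = null;
    this.beads = [];
  }
  addBead(bead) {
    this.beads.push(bead);
    bead.strand = this; // the bead attaches its own listeners in its setter
  }
  send(url) {
    this.element = this.createElement();
    this.element.open('GET', url);
    // The single line the strand needs: it never inspects bead types.
    this.dispatchEvent(new Event('prepareToSend'));
    this.element.send();
    return this.element;
  }
}

class CORSCredentialsBead {
  constructor() { this.withCredentials = false; } // may be changed at runtime
  set strand(value) {
    value.addEventListener('prepareToSend', (e) => {
      // Read at send time, so a runtime change is honored on the next call.
      e.target.element.withCredentials = this.withCredentials;
    });
  }
}

class HeaderBead {
  constructor(name, value) { this.name = name; this.value = value; }
  set strand(value) {
    value.addEventListener('prepareToSend', (e) =>
      e.target.element.setRequestHeader(this.name, this.value));
  }
}

// Constructed stand-in for XMLHttpRequest so the sketch runs outside a browser.
function fakeXhr() {
  return { withCredentials: false, headers: {}, sent: false,
    open(method, url) { this.method = method; this.url = url; },
    setRequestHeader(k, v) { this.headers[k] = v; },
    send() { this.sent = true; } };
}
```

A service with no beads pays only for one event dispatch with no listeners. In a browser, credentials are exposed to the calling page only when the server also returns `Access-Control-Allow-Credentials: true` and a non-wildcard `Access-Control-Allow-Origin`.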
