flex-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alex Harui <aha...@adobe.com>
Subject Re: git commit: [flex-asjs] [refs/heads/develop] - CORS security. Allow auth credentials to be passed when using cross site calls. This is required as well as setting the Access-Control-Allow-Origin header on the server.
Date Wed, 12 Apr 2017 06:08:34 GMT

On 4/11/17, 9:44 PM, "omuppi1@gmail.com on behalf of OmPrakash Muppirala"
<omuppi1@gmail.com on behalf of bigosmallm@gmail.com> wrote:
>One common approach I have seen in JS webservice libraries is to allow the
>users to attach an interceptor function which will carry the requrst
>in the function args.  The user can then attach any headers they want to
>the request object inside the function.
>This would be a static method on HTTPService.  That way, for example, once
>authenticated, all api calls could be intercepted and authentication
>headers attached.  Or perhaps CORS headers attached if the situation
>In runtime we check
>if(HttpService.interceptor) {
>    HTTPService. interceptor.call(this.request);

If I understand that pattern, it and other callback patterns are ok, but
not my favorite pattern because it sort of implies that there is only one
interceptor.  That's what I like about events and other multi-subscriber
patterns:  any number of other objects can find out what is going on and
remove themselves from the list of folks that care.

My 2 cents,

View raw message