Add X-Requested-With header #16
Comments
|
What is it actually useful for, though? |
|
Hi It is usefull for detecting ajax request on the server side if i want some server-side code to be executed only in ajax request there is currently no way to detect it using hinclude Thanks |
|
@mnot Any thoughts ? see for exemple : http://symfony.com/doc/master/book/templating.html#asynchronous-content-with-hinclude-js http://symfony.com/doc/master/book/controller.html#the-request-object Thanks |
|
+1 |
|
What I'm asking for is the use case for this header - why do you need to know that it's an Ajax request on the server side? Changing content based upon request headers is inviting problems; e.g., |
|
Oh, and X-R-W also causes problems with CORS; e.g., |
|
http://steveluscher.com/archives/ajax-requests-x-requested-with-headers-and-unexpected-cache-contents this one was just a particular bug that had to be handled by the developer. I still think that checking if the request was made through Ajax or not to render a response in the good format is a good use case. Anyway other use cases may exist. If you read the bug related to angular/angular.js#1454 (angular/angular.js#1004) you'll see that simply removing X-Requested-With is not the best solution. I think removing it only if it is a cross domain request as in jQuery is a better solution. Maybe there's just a condition missing in my pull request... |
|
Sorry, I'm not convinced. What does "good format" mean here? Are you saying that you just want to change to JSON or XML (for example), or that you want to fundamentally return a different response? Please give a concrete use case. |
|
I don't want to discuss anymore, you'll never be convinced and there's no problem with that, I'll just stick with my own solution. |
|
Simple use case: I have an action to edit an entity. even rails use this header to check for ajax request (http://apidock.com/rails/ActionController/Request/xml_http_request%3Fhttp://apidock.com/rails/ActionController/Request/xml_http_request%3F) ... don't you think that if all great webframework use it, it is for a reason ? |
|
Another example: Login. |
|
Yeah, I usually use it for this same use case. One URL that returns just the form without the full layout via ajax but full layout without... |
|
Symfony2 has an isXmlHttpRequest method as a major, often used method of the Request class. As this method, and other server side frameworks use the X-Request-With header to check for a valid XmlHttpRequest, +1. This would be very useful! |
|
+1, I really need this one as well, because on ajax calls I only render the main content, on regular calls I render content and layout. Currently Hinclude renders my whole layout within some modals. |
|
+1 - cant be that hard to understand why its necessary, isnt it? |
|
+1'ing doesn't add any information. Saying "lots of other people do it" doesn't help either. No one has explained why their application needs to have the same URL for Ajax vs. non-Ajax requests; the only motivation I can see is that developers want to do it that way because they assume it should work, without considering the impacts of giving fundamentally different content the same URL. I.e., adding this header is likely to cause problems for most people who use it because they don't consider how it works with other parts of the Web. This is an anti-pattern, and other frameworks that do it should really stop. Closing this issue; if someone can show how this is wrong, I'll reopen. |
|
There is no genuine use case for the X-R-W header. All existing implementations did it that way because they either thought it was the right way or wanted to be clever. Way back when (ca. 2004/2005), we used to tell the server what we wanted using one of three ways:
These methods were proposed by many of the best practitioners of the time, and they're still the best ways to do it. Your app should not be relying on non-standard headers to decide what to do when methods of content negotiation already exist. Just because a lot of people implemented things badly doesn't make it right. |
|
Don't we have the Accept request header to do this? "The Accept request-header field can be used to specify certain media types which are acceptable for the response." Not sure if this header can be set using XHR, but I always use it just for this scenario (full HTML for "humans", same content but JSON for XHR). |
|
@bluesmoon @jvhellemond So you can explain, which is the correct media type for a partial HTML? 😉 |
|
Well said, bluesmoon. The best argument against this 'unfeature' / anti-pattern is: Usage of this application through mobile networks. At least here in germany, I suppose in other countries too, mobile network carriers use a lot of extremely aggressive caching to keep data transfer rates low. If a web server response for a request to /Login is initially done none-ajax, the result (in the given example the Full html) will be cached by the carrier. When the next request (ajax-request from another client) goes to /Login, the carrier most probably won't look at the X-Reqested-By header, and deliver the full cached HTML response. That fucks up any application relying on this. Working around these issues usually involve setting cache-headers to prevent caching in most cases and makes the application slow (you wanted also to prevent 'slow' by using ajax in the first place, didn't you?). There is no good reason to use X-R-W that would not complicate things and won't introduce additional potential error-vectors. Imho. |
|
-1 : @kingcrunch Accept: text/part+html |
|
@vrolijken Can you give me a resource, where this type is defined? Because if you argue that Beside: I like @gingters answer :) It makes sense |
|
+1 |
|
-1 Add a |
|
I am not certain, but I think preventing caching can be done with HTTP headers that are in the RFC 2616, Section 14 All those "aggressive" caching mechanisms (and CDN's for that matter) rely on usage of those RFCs (and maybe some violations). Please check in that RFC before adding to existing mechanisms. Those were invented for a reason, they are pretty old and Ajax is using HTTP as transport. So the RFC applies. If you mobile carrier brakes HTTP RFCs, write a mail to the support and tell them to RTFM the RFC and offer proper internets. |
|
In Rails we use it to work around broken Also if there's no I believe the general recommendation by Rails core is that |
|
I don't know what hinclude is, but still, here's my 2c: My app uses XRW for its response. If a request was made with Ajax, the response is only the content part, otherwise it's the full page (including menu, header, CSS etc etc). So the server knows to do less, because only the content part (a table or a list) is relevant AND the client will receive only the relevant part. The URLs are always the same though, e.g.: |
|
All people here not using Accept header or a different url for partial content don't make RESTful apps and/or API. They are wrong. Like all those people that wrote broken markup/js because 95% of people were using IE6. Please don't hurt the web, respect standards... and be RESTful. PS : Not only the X-Requested-With header is "borken" by design, but is now recommended not creating X-* headers. Just sayin' |
Wow, it must be great to have clients that don't care that their site doesn't work in large proportion of browsers - my clients don't really care whether I respect the standards or not.
The
I believe the advice was to not create new headers prefixed with X since there was no point - a bit like browser vendors supporting other browsers' CSS prefixes, making them redundant. Since |
If Rails recommends the use of a different URL rather than headers, then why not just run with that? It's a little silly to introduce a new, non-standard header in order to hack in support for one that's already available, documented and should do what it says on the tin. If (bad) clients don't respect headers, what's to say X-R-W is in any better position in the future (which, arguably, should be more important than the present.) The unfortunate reality of having to deal with shitty clients doesn't provide justification when there is a well supported solution at hand: URLs. They are cheap, well supported and actually solves the problem. It might not be fancy and shiny, but at least it doesn't smell. |
Who said it was new? It was added to Rails version 0.12 - it predates the adding of REST support to Rails.
URLs are the preferred way and take precedence over the Accept header but we still support the header - we're opinionated, not dogmatic 😄 It's up to @mnot whether he wants to add the header or not - I'm just providing some context on it's history and usage |
Fair enough; I obviously used the word "new" too freely, my apologies. The salient point being that using standard and better supported mechanisms is preferable to introducing new ones. (Oops, I guess I did it again.)
:) |
|
+1 I do not think it's right to give a different content (different layout) for a single URL. But we need to be able to distinguish AJAX requests and full requests. |
|
@peter-gribanov it causes performance problems. Do not do it. Use the standard |
|
@bluesmoon currently headlines |
|
|
|
@bluesmoon no. In this case, the content will be same in both cases, but the call context differs. |
|
If the content is the same then why does it matter what the requesting context is? The whole point of using HTTP is that the requesting context is irrelevant. |
|
@bluesmoon yes, that's right. But i'm interested in the ability to block access to content that is not supposed to show in full request. |
|
Then you should use a query string parameter or different URL to distinguish. Your client & server may understand custom HTTP headers, but intermediate proxies will not, which means they might respond with cached copies based on the URL and some of the basic content headers. I've seen intermediate proxies also ignore Cache-control headers (and a smaller number even ignore query strings), so a different URL is really the only way to handle this particular case. |
Hi,
I think it should be nice to have hinclude send and "X-Requested-With" header with the value "XMLHttpRequest"
Most js framework send this header with ajax requests and the server side framework i know (including symfony2 which has support for hinclude) use this header to help detect ajax requests
Thanks
Tom
The text was updated successfully, but these errors were encountered: