Dojo rpc.JsonService - set custom header

Question

Dojo v1.6.0. Is there any way to set custom header (spring csrf protection in my case) to every call for all instances of dojo.rpc.JsonService()?

Or at least to every call for specific instances of dojo.rpc.JsonService()?

Problem is in back-end Spring 4 csrf protection which filters everything without specific header in request and returns HTTP 403 Forbidden status.

For now my code looks like:

...
dojo.require("dojo.rpc.RpcService");
dojo.require("dojo.rpc.JsonService");
var myService = new dojo.rpc.JsonService("someMyService");
var result = myService.myRemoteMethod(param1, param2, ... );
...

For example for jQuery code which handles every ajax request and set header to it looks like:

var token = $("meta[name='_csrf']").attr("content");
var header = $("meta[name='_csrf_header']").attr("content");
$(document).ajaxSend(function (e, xhr, options) {
    xhr.setRequestHeader(header, token);
});

It would be perfect to make something like that for dojo.

score 0 · Accepted Answer · edited May 23 '17 at 10:30

I haven't found any solution for dojo 1.6, but found that I can fix this problem with handling every ajax request with pure javascript as explained here

So my final solution is:

(function(send) {
    var token = $("meta[name='_csrf']").attr("content");
    var header = $("meta[name='_csrf_header']").attr("content");
    XMLHttpRequest.prototype.send = function(data) {
        if (isNotBlank(token) && isNotBlank(header)) {
            this.setRequestHeader(header, token);
        }
        send.call(this, data);
    };

})(XMLHttpRequest.prototype.send);

Dojo rpc.JsonService - set custom header

1 Answers1