X-Git-Url: https://git.auder.net/?p=vchess.git;a=blobdiff_plain;f=client%2Fsrc%2Futils%2Fajax.js;h=86925b03765006dae3eaeeb36bc388f61b884efb;hp=0a50a10409ac1c332b84e141f61a110846b72c0f;hb=4f298adbee00942323fc7ec517117552aeb5a08a;hpb=1aeed627be63a298d3a093797c3728e3de30b464 diff --git a/client/src/utils/ajax.js b/client/src/utils/ajax.js index 0a50a104..86925b03 100644 --- a/client/src/utils/ajax.js +++ b/client/src/utils/ajax.js 
@@ -1,60 +1,70 @@ import params from "../parameters"; //for server URL +// TODO: replace by fetch API ? +// https://www.sitepoint.com/xmlhttprequest-vs-the-fetch-api-whats-best-for-ajax-in-2019/ +// Problem: fetch() does not set req.xhr... see access/ajax() security especially for /whoami + // From JSON (encoded string values!) to "arg1=...&arg2=..." function toQueryString(data) { - let data_str = ""; - Object.keys(data).forEach(k => { - data_str += k + "=" + encodeURIComponent(data[k]) + "&"; - }); - return data_str.slice(0, -1); //remove last "&" + let data_str = ""; + Object.keys(data).forEach(k => { + data_str += k + "=" + encodeURIComponent(data[k]) + "&"; + }); + return data_str.slice(0, -1); //remove last "&" } // data, error: optional export function ajax(url, method, data, success, error) { - let xhr = new XMLHttpRequest(); - if (typeof(data) === "function") //no data - { - error = success; - success = data; - data = {}; - } - if (!error) - error = errmsg => { alert(errmsg); }; - - xhr.onreadystatechange = function() { - if (this.readyState == 4 && this.status == 200) - { + let xhr = new XMLHttpRequest(); + if (data === undefined || typeof(data) === "function") //no data + { + error = success; + success = data; + data = {}; + } + if (!success) + success = () => {}; //by default, do nothing + if (!error) + error = errmsg => { alert(errmsg); }; + xhr.onreadystatechange = function() { + if (this.readyState == 4 && this.status == 200) + { let res_json = ""; - try { - res_json = JSON.parse(xhr.responseText); + try { + res_json = JSON.parse(xhr.responseText); } catch (e) { - // Plain text (e.g. for rules retrieval) - return success(xhr.responseText); + // Plain text (e.g. for rules retrieval) + return success(xhr.responseText); } - if (!res_json.errmsg) + if (!res_json.errmsg && !res_json.errno) success(res_json); - else - error(res_json.errmsg); - } - }; + else + { + if (!!res_json.errmsg) + error(res_json.errmsg); + else + error(res_json.code + ". 
errno = " + res_json.errno); + } + } + }; - if (["GET","DELETE"].includes(method) && !!data) - { - // Append query params to URL - url += "/?" + toQueryString(data); - } - xhr.open(method, params.serverUrl + url, true); - xhr.setRequestHeader('X-Requested-With', "XMLHttpRequest"); - // Next line because logout and authenticate set (cross-domain in dev mode) cookies - if (url.startsWith("/authenticate") || url.startsWith("/logout")) + if (["GET","DELETE"].includes(method) && !!data) + { + // Append query params to URL + url += "/?" + toQueryString(data); + } + xhr.open(method, params.serverUrl + url, true); + xhr.setRequestHeader('X-Requested-With', "XMLHttpRequest"); + // Next line to allow cross-domain cookies in dev mode + if (params.cors) xhr.withCredentials = true; if (["POST","PUT"].includes(method)) - { - xhr.setRequestHeader("Content-Type", "application/json;charset=UTF-8"); - xhr.send(JSON.stringify(data)); - } - else - xhr.send(); + { + xhr.setRequestHeader("Content-Type", "application/json;charset=UTF-8"); + xhr.send(JSON.stringify(data)); + } + else + xhr.send(); }
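Review bot: `if (params.cors) xhr.withCredentials = true;` now sends cookies on every cross-origin request when the flag is set, where the old code limited this to `/authenticate` and `/logout`, and nothing in the hunk ties `params.cors` to dev mode as the comment claims. The flag only works if the server answers with `Access-Control-Allow-Credentials: true` and an exact `Access-Control-Allow-Origin`, and it is that server-side allow-list, together with the `X-Requested-With` check the TODO refers to, that decides which origins can make authenticated calls; this is worth stating next to the flag. I would word the comment as `// Dev mode only (client and server on different origins): send cookies with every request; the server must allow credentials for that one origin only`. The parameters file is outside this diff, so whether production builds leave `params.cors` false has to be confirmed there.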