From 1e0d9a642ffe5db23086301d3eeed63f4b7bca68 Mon Sep 17 00:00:00 2001
From: David Heinemeier Hansson <david@loudthinking.com>
Date: Tue, 21 Jun 2005 07:02:30 +0000
Subject: Added :xhr => true/false option to verify so you can ensure that a
 request is coming from an Ajax call or not #1464 [Thomas Fuchs]

git-svn-id: http://svn-commit.rubyonrails.org/rails/trunk@1463 5ecf4fe2-1ee6-0310-87b1-e25e094e27de
---
 actionpack/CHANGELOG                             |  2 ++
 actionpack/lib/action_controller/request.rb      |  2 +-
 actionpack/lib/action_controller/verification.rb |  4 ++-
 actionpack/test/controller/request_test.rb       | 14 ++++++++++
 actionpack/test/controller/verification_test.rb  | 34 ++++++++++++++++++++++++
 5 files changed, 54 insertions(+), 2 deletions(-)

(limited to 'actionpack')

diff --git a/actionpack/CHANGELOG b/actionpack/CHANGELOG
index cb5e692d59..cbfb3993bb 100644
--- a/actionpack/CHANGELOG
+++ b/actionpack/CHANGELOG
@@ -1,5 +1,7 @@
 *SVN*
 
+* Added :xhr => true/false option to verify so you can ensure that a request is coming from an Ajax call or not #1464 [Thomas Fuchs]
+
 * Added tag_options as a third parameter to AssetHelper#auto_discovery_link_tag to control options like the title of the link #1430 [kevin.clark@gmail.com]
 
 * Added option to pass in parameters to CaptureHelper#capture, so you can create more advanced view helper methods #1466 [duane.johnson@gmail.com]. Example:
diff --git a/actionpack/lib/action_controller/request.rb b/actionpack/lib/action_controller/request.rb
index 73247d510a..5b4d337f47 100755
--- a/actionpack/lib/action_controller/request.rb
+++ b/actionpack/lib/action_controller/request.rb
@@ -65,7 +65,7 @@ module ActionController
     # "XMLHttpRequest". (The Prototype Javascript library sends this header with
     # every Ajax request.)
     def xml_http_request?
-      env['HTTP_X_REQUESTED_WITH'] =~ /XMLHttpRequest/i
+      !((env['HTTP_X_REQUESTED_WITH'] || "") =~ /XMLHttpRequest/i).nil?
     end
     alias xhr? :xml_http_request?
 
diff --git a/actionpack/lib/action_controller/verification.rb b/actionpack/lib/action_controller/verification.rb
index ec3c5fe26c..78918f800c 100644
--- a/actionpack/lib/action_controller/verification.rb
+++ b/actionpack/lib/action_controller/verification.rb
@@ -76,7 +76,9 @@ module ActionController #:nodoc:
         prereqs_invalid ||= 
           [*options[:method]].all? { |v| @request.method != v.to_sym }
       end
-
+      
+      prereqs_invalid ||= (request.xhr? != options[:xhr]) unless options[:xhr].nil?
+      
       if prereqs_invalid
         flash.update(options[:add_flash]) if options[:add_flash]
         unless performed?
diff --git a/actionpack/test/controller/request_test.rb b/actionpack/test/controller/request_test.rb
index dd7c9f9d84..8980ac7520 100644
--- a/actionpack/test/controller/request_test.rb
+++ b/actionpack/test/controller/request_test.rb
@@ -210,4 +210,18 @@ class RequestTest < Test::Unit::TestCase
     @request.env['SERVER_SOFTWARE'] = 'lighttpd(1.1.4)'
     assert_equal 'lighttpd', @request.server_software
   end
+  
+  def test_xml_http_request
+    assert !@request.xml_http_request?
+    assert !@request.xhr?
+    
+    @request.env['HTTP_X_REQUESTED_WITH'] = "DefinitelyNotAjax1.0"
+    assert !@request.xml_http_request?
+    assert !@request.xhr?
+    
+    @request.env['HTTP_X_REQUESTED_WITH'] = "XMLHttpRequest"
+    assert @request.xml_http_request?
+    assert @request.xhr?
+  end
+  
 end
diff --git a/actionpack/test/controller/verification_test.rb b/actionpack/test/controller/verification_test.rb
index d5741526ef..fc49d5da67 100644
--- a/actionpack/test/controller/verification_test.rb
+++ b/actionpack/test/controller/verification_test.rb
@@ -20,6 +20,12 @@ class VerificationTest < Test::Unit::TestCase
 
     verify :only => :guarded_by_method, :method => :post,
            :redirect_to => { :action => "unguarded" }
+           
+    verify :only => :guarded_by_xhr, :xhr => true,
+           :redirect_to => { :action => "unguarded" }
+           
+    verify :only => :guarded_by_not_xhr, :xhr => false,
+           :redirect_to => { :action => "unguarded" }
 
     before_filter :unconditional_redirect, :only => :two_redirects
     verify :only => :two_redirects, :method => :post,
@@ -54,6 +60,14 @@ class VerificationTest < Test::Unit::TestCase
     def guarded_by_method
       render :text => "#{@request.method}"
     end
+    
+    def guarded_by_xhr
+      render :text => "#{@request.xhr?}"
+    end
+    
+    def guarded_by_not_xhr
+      render :text => "#{@request.xhr?}"
+    end
 
     def unguarded
       render :text => "#{@params["one"]}"
@@ -173,6 +187,26 @@ class VerificationTest < Test::Unit::TestCase
     assert_redirected_to :action => "unguarded"
   end
   
+  def test_guarded_by_xhr_with_prereqs
+    xhr :post, :guarded_by_xhr
+    assert_equal "true", @response.body
+  end
+    
+  def test_guarded_by_xhr_without_prereqs
+    get :guarded_by_xhr
+    assert_redirected_to :action => "unguarded"
+  end
+  
+  def test_guarded_by_not_xhr_with_prereqs
+    get :guarded_by_not_xhr
+    assert_equal "false", @response.body
+  end
+    
+  def test_guarded_by_not_xhr_without_prereqs
+    xhr :post, :guarded_by_not_xhr
+    assert_redirected_to :action => "unguarded"
+  end
+  
   def test_guarded_post_and_calls_render    
     post :must_be_post
     assert_equal "Was a post!", @response.body
-- 
cgit v1.2.3