From fc16450344c87b8d3e45c9052075bb245b230ba2 Mon Sep 17 00:00:00 2001 From: Scott Andrews Date: Fri, 30 Aug 2013 12:01:58 -0400 Subject: [PATCH] Demonstrate rest.js CSRF support in reference docs rest.js 0.9.4 added support for applying the CSRF header and token to Ajax requests. --- docs/manual/src/docbook/csrf.xml | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/docs/manual/src/docbook/csrf.xml b/docs/manual/src/docbook/csrf.xml index 1389883939..9526f0505d 100644 --- a/docs/manual/src/docbook/csrf.xml +++ b/docs/manual/src/docbook/csrf.xml @@ -141,12 +141,20 @@ public class WebSecurityConfig extends ... ...]]> - You can then include the token within all your AJAX requests. If you were using JQuery, this could be done with the following: - You can then include the token within all your Ajax requests. If you were using jQuery, this could be done with the following: + + As a alternative to jQuery, we recommend using cujoJS’s rest.js. rest.js provides advanced support for working with HTTP request and responses in RESTful ways. A core capability is the ability to contextualize the HTTP client adding behavior as needed by chaining interceptors on to the client. + + The configured client can be shared with any component of the application that needs to make a request to the CSRF protected resource. One significant different between rest.js and jQuery is that only requests made with the configured client will contain the CSRF token, vs jQuery where all requests will include the token. The ability to scope which requests receive the token helps guard against leaking the CSRF token to a third party. Please refer to the rest.js reference documentation for more information on rest.js.
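Review bot: The added rest.js paragraph never states the minimum version, although the commit message says CSRF support arrived in rest.js 0.9.4. A reader on an older release would follow this section and get a client that does not send the token, so I suggest saying in the paragraph that rest.js 0.9.4 or later is required. The comparison with jQuery ("vs jQuery where all requests will include the token") would also be clearer if it said outright that this covers requests to other origins, since that is the leak to a third party the next sentence warns about. Wording fixes in the same added text: "As a alternative" should be "As an alternative", "HTTP request and responses" should be "HTTP requests and responses", and "One significant different" should be "One significant difference".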