How to: Add Rest-Authorization-Code header for AJAX Requests

Telligent Evolution 5.x Developer Documentation

 New in Telligent Evolution Platform 5.5

New security updates in the Telligent Evolution platform 5.5 release require adding a "Rest-Authorization-Code" header to your AJAX REST requests when using pass-through authentication. Pass-through authentication is normally used by widgets on a community site. The value to add to the request header is obtained from a cookie named "AuthorizationCookie". Requiring the cookie's value to be sent in a request header is a security measure for defending against cross-site request forgery: the browser attaches cookies to a request automatically, but only script that can read the cookie can copy its value into a header.

For a widget hosted in the Telligent Evolution Platform

When your code runs inside a widget that will be hosted within the Telligent Evolution platform, use the TelligentUtility.WriteAuthorizationHeader utility function instead of the custom addHeaders and readCookie functions detailed below. The utility function is present on all Telligent Evolution platform-rendered pages.

Example Code (jQuery)
$.ajax({
    // url, dataType, success, error, etc. go here as usual
    beforeSend: function(xhr) { TelligentUtility.WriteAuthorizationHeader(xhr); }
});

For a widget hosted elsewhere

To add the new header, add a beforeSend argument to your jQuery AJAX request that will call method addHeaders. Your addHeaders code should read the value of the AuthorizationCookie cookie and add that value to your request using a header named Rest-Authorization-Code. Your code should look similar to the following:

Example Code (jQuery)
// Define the helpers before the $.ajax call so that addHeaders is already
// assigned when it is passed as the beforeSend callback.

// Returns the value of the named cookie, or null if it is not set.
var readCookie = function(input) {
    var nameEQ = input + "=";
    var ca = document.cookie.split(';');
    for (var i = 0; i < ca.length; i++) {
        var c = ca[i];
        // Strip the leading spaces left over from the "; " separator.
        while (c.charAt(0) == ' ') c = c.substring(1, c.length);
        if (c.indexOf(nameEQ) == 0)
            return c.substring(nameEQ.length, c.length);
    }
    return null;
};

// Copies the AuthorizationCookie value into the Rest-Authorization-Code header.
var addHeaders = function(xhr) {
    var restAuthHeader = readCookie("AuthorizationCookie");
    if (restAuthHeader != null) {
        xhr.setRequestHeader("Rest-Authorization-Code", restAuthHeader);
    }
};

$.ajax({
    url: 'http://mysite.com/api.ashx/v2/users.xml',
    beforeSend: addHeaders,
    dataType: "text",
    processData: false,
    success: function(data, status) {
        // do stuff here
    },
    error: function(xhr, status, error) {
        // do stuff here
    }
});
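
The following is an added example, not part of the original documentation and not Telligent's code. It models why echoing the cookie in a header stops cross-site request forgery, and attaches the header only to requests for the API's own origin. Assumptions: API_ORIGIN, authHeadersFor and serverAccepts are hypothetical names, and the server-side comparison is assumed because the page does not describe how the platform validates the header.

```javascript
// Added example (not Telligent code). Cookie and header names come from the page;
// API_ORIGIN, authHeadersFor and serverAccepts are hypothetical.
const COOKIE_NAME = "AuthorizationCookie";
const HEADER_NAME = "Rest-Authorization-Code";
const API_ORIGIN = "https://community.example.com"; // constructed placeholder

// Return the raw value of a named cookie from a document.cookie-style string.
function readCookie(cookieString, name) {
  for (const part of cookieString.split(";")) {
    const c = part.trim();
    // Match the full name followed by "=", so "XAuthorizationCookie" does not match.
    if (c.startsWith(name + "=")) return c.slice(name.length + 1);
  }
  return null;
}

// Headers to add for a request: the token is attached only for the API origin,
// so it is never sent to any other host the widget might call.
function authHeadersFor(url, cookieString) {
  const token = readCookie(cookieString, COOKIE_NAME);
  if (token === null || token === "") return {};
  if (new URL(url, API_ORIGIN).origin !== API_ORIGIN) return {};
  return { [HEADER_NAME]: token };
}

// Assumed server-side rule (model only): the header must be present and equal
// to the cookie the browser sent with the request.
function serverAccepts(request) {
  const cookieToken = readCookie(request.cookie || "", COOKIE_NAME);
  const headerToken = request.headers[HEADER_NAME];
  return Boolean(cookieToken) && headerToken === cookieToken;
}

// Constructed sample cookie string.
const sampleCookies = "theme=dark; XAuthorizationCookie=zzz; AuthorizationCookie=abc123==";

// Widget request: script on the page reads the cookie and echoes it in the header.
const widgetRequest = {
  cookie: sampleCookies,
  headers: authHeadersFor("/api.ashx/v2/users.xml", sampleCookies),
};
// Cross-site request: the browser attaches the cookie, but the foreign page
// cannot read it, so the header is missing.
const crossSiteRequest = { cookie: sampleCookies, headers: {} };

console.log(serverAccepts(widgetRequest), serverAccepts(crossSiteRequest)); // true false
```

In a jQuery widget, the object returned by authHeadersFor can be applied inside beforeSend by calling xhr.setRequestHeader for each entry.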
Comments
  • When using inside a widget that will be hosted within the Telligent Evolution platform, you should use

    $.ajax({

    beforeSend: function(xhr) { TelligentUtility.WriteAuthorizationHeader(xhr); }

    });

    instead of the custom addHeaders and readCookie functions. The utility function is present on all Telligent Evolution platform-rendered pages.