W liście Vladimir Dronnikov z dnia poniedziałek 01 lutego 2010: > > The iframe file upload technique is the only one available because you > > can't push files through xhr. So technically that isn't an XHR request. > > So I suppose you want to mark such uploads as being "asynchronous" to > > the page their iframes originate within? > > Yep. And want it be consistent and standard thru all the code. We > could thoroughly choose a POST variable name and make request object > respect it. I vote for "_ajax" (similar to "_method").
Security risk. For is_xhr requests you can disable CSRF checks, as there is no known way of sending a cross-site forged request with this header set. But it's trivial to spoof one more field. -- Paweł Stradomski -- You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/pylons-discuss?hl=en.
