Embed CSRF token into Ember CLI application
I'm designing my new Ember CLI application. I gonna use Ember Simple Auth for authorisation. And I also need to use CSRF protection. I know how to inject the token to requests. The problem is how to embed the token to the application in a right way.
It is required the token to be generated on the backend side and to be embedded into the page. And it should be the same one that API uses to verify requests.
In my case API and Ember application would be served by the same web server (most likely Microsoft IIS, since API is build with .NET MVC). So the web server should generate the token and embed it somehow into the Ember application once its index file requested.
But Ember CLI generates static index.html file during its build process. And I see just two ways of embedding the token.
The first one is to parse Ember's index.html file on each request and embed CSRF token metatag to the proper place. I don't really like this way.
The second one is to make Ember CLI produce index.aspx instead of index.html during the build process. In this case web server would put the token automatically. I like this way better, but i'm not sure if it's possible. And if it is then how to do this?
Maybe, there is another better way? Any help and advices would be appreciated.
It is possible to implement your second idea. You need to specify options.outputPaths.app.html property of EmberApp in ember-cli-build.js:
const app = new EmberApp({
outputPaths: {
app: {
html: 'index.aspx'
}
}
});
Doing this will result in Ember CLI writing index.aspx instead of index.html to filesystem:
You can read more about configuring output paths of your Ember CLI application in user-guide.
You can also dig directly in Ember CLI's ember-app.js source code to see if you can adjust options more to your needs.
Is it possible to make it environment-dependent? It works perfectly for production build. But it doesn't work for development since Ember CLI can not serve .aspx files. So it would be nice to overwrite output files for production builds only and use generic ones for development and test environments.
You can achieve this by checking value of app.env. So, in ember-cli-build.js, instead of passing outputPaths as argument, use following technique:
const app = new EmberApp();
if (app.env === 'production') {
app.options.outputPaths.app.html = 'index.aspx';
}
This way you still get index.aspx in dist/ when building for production, but development and test environments' outputPaths options are untouched and live development/testing works.
- Background Video Not Autoplaying
- How to fill the column values from server side in Ember
- Ember >2.2.0 getting regeneratorRuntime is not defined
- Uncaught Error: Could not find module `@ember/application` imported from `web-app/app`
- EACCES issue, When i am installing ember-cli
- Ember application runtime error uncaught referenceerror ember is not defined vendor.js
- No command 'ember' found
- How to set a a unique id to the elements of a DOM in ember.js
- How can I get source maps to work when running tests using ember-qunit for an ember app built on ember-cli
- How to install ember-cli 4.12.1
- Ember upgrade to 3.27 TypeError: Ember.computed.alias is not a function
- Handling errors with the (now default) Ember Data JSON-API adapter
- why .pushObject method is undefined in ember
- Ember.js - App doesn't load all params from enviroment.js
- Cannot find module './transforms/babel-plugin-convert-existence-checks-to-macros'
- How to get the LAST element in a list for Ember Acceptance Testing
- Error: Could not read config from meta tag in EmberCLI
- Creating an Ember CLI in-app/in-repo Addon: how to install npm dependencies?
- Retrieving table content data in ember
- error [email protected]: The engine "node" is incompatible with this module. Expected version ">=8". Ember js + Heroku Deployment
- Ember addon: Could not find module from within component
- How do I upgrade ember-cli-babel?
- Is there any way to run ember acceptance test case in slow mode?
- Build Error (broccoli-persistent-filter:EslintValidationFilter) in test-helper.js
- How can I upgrade ember 2.7 to 3.28?
- "DEPRECATION: Upgrade ember-cli-inject-live-reload version to 1.10.0 or above" warning will not go away after upgrade
- Ember js Build Error (broccoli-persistent-filter:EslintValidationFilter)
- How can I use the Socket.IO client though ES6 modules?
- Could not find module ember-metal/streams/stream
- Ember CLI import ES6 file to ember-cli-builds.js