Opting In

Without restrictions in place, T4JS would enumerate every action method in your entire project.  Obviously that's a security concern if you publish a JavaScript containing all of your routes as well as their parameter names.

In order to provide tight control over security as well as brevity of generated code, T4JS takes an opt-in approach.  Each method you'd like to generate a JavaScript object for requires the method be decorated with the AjaxEndpoint attribute.

The AjaxEndpoint attribute is generated by the T4JS template, and can be configured to use a namespace suitable to your project.

Using the namespace is simple.  In most cases you can simply add the AjaxEndpoint attribute to your method and re-run the templates.  T4JS will attempt to infer the parameters needed to build a query string.

[HttpPost]
[AjaxEndpoint]
public ActionResult Login(string emailAddress, string name)
{
    // ...
}  

Optionally, you may prefer to specify the names of the input parameters.  This is a common scenario when you're code is making use of model binders or action filters.  Take the example of an action method that checks whether a CAPTCHA phrase is valid.  It's likely that the result of the CAPTCHA validation is a parameter of your method, but not a parameter that end users should be aware of.  Here, the ValidateCaptcha action filter injects the result of a 3rd party validation.

[HttpPost]
[ValidateCaptcha]
[AjaxEndpoint("emailAddress", "name")
public ActionResult RegisterFree(string emailAddress, string name, bool isCaptchaValid)
{
    // ...
}         

You can decorate your method and specify the parameters that should be generated.  In this case, the attribute instructs the T4 template to use "emailAddress" and "name" as the only parameters.

Read here for help with complex types.

Last edited Apr 22, 2011 at 7:15 PM by tylerbrinks, version 2

Comments

No comments yet.