Question

Environment:

  • I am using typeahead/bloodhound for a search field in my mobile app (steroids/cordova)
  • Every request from my app to the API needs to be signed and the signature added to auth headers

Obviously setting the headers in the ajax settings won't work as each request bloodhound sends will be different and require different signatures.

In my first implementation, I was using the beforeSend ajax setting to achieve this. Simply calculate the signature in that function and add it to the request headers.

However, this was not very secure, so I have decided to place the secret used and the signature calculation into a Cordova custom plugin's native code to be compiled. Not bulletproof, but a reasonable amount of security.

As Cordova plugins are asynchronous, beforeSend became useless in this case. The function will complete before the signing and setting of the headers are done.

So, in summary, the question is: How can I asynchronously calculate and set those headers with typeahead/bloodhound?


Solution

OK, the solution seems to be fork and hack. First, modify _getFromRemote to remove the need for beforeSend by adding a remote.headers option, similar to remote.replace except that it returns a deferred object:

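// Fragment from inside _getFromRemote. Assumed from the surrounding code:
// `that` is the Bloodhound instance and `deferred` is a $.Deferred() whose
// promise this function returns.
if (this.remote.headers) {
    $.when(
        this.remote.headers(url, query, this.remote.ajax)
    ).done(function(headers) {
        // Per-request copy of the settings, so that overlapping requests never
        // share (or overwrite) each other's signed headers.
        var ajaxSettings = $.extend({}, that.remote.ajax, { headers: headers });
        deferred.resolve(that.transport.get(url, ajaxSettings, handleRemoteResponse));
    });
} else {
    // No headers callback configured: send immediately, as before.
    deferred.resolve(this.transport.get(url, this.remote.ajax, handleRemoteResponse));
}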

Then modify the get function that uses this to handle the deferred:

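if (matches.length < this.limit && this.transport) {
    cacheHitPromise = this._getFromRemote(query, returnRemoteMatches);
    cacheHitPromise.done(function(hit) {
        if (!hit) {
            // `this` is not the Bloodhound instance inside this callback, so use
            // `that` (assumed to be set with `var that = this` at the top of get).
            (matches.length > 0 || !that.transport) && cb && cb(matches);
        }
    });
}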

Now I'm free to use asynchronous native code to sign and set request auth headers :)
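The sign-then-send pattern from the answer, as a stand-alone Node.js sketch. This is an added example, not code from the original post or from typeahead/bloodhound. `makeSignedGet`, `makeDemoSigner`, the `X-Signature` header name, the HMAC-SHA256 scheme and the secret are assumptions made for illustration; the callback-style signer stands in for the native Cordova plugin.

```javascript
const nodeCrypto = require('crypto');

// Constructed stand-in for the native signing plugin (hypothetical; the real
// secret stays in compiled code). Callback style, like a Cordova plugin call.
function hmacHex(secret, msg) {
  return nodeCrypto.createHmac('sha256', secret).update(msg).digest('hex');
}
function makeDemoSigner(secret, schedule) {
  return function sign(url, onSuccess, onError) {
    schedule(function () {
      if (!url) { return onError(new Error('nothing to sign')); }
      onSuccess({ 'X-Signature': hmacHex(secret, url) });
    });
  };
}

// Wrap a send function so every request is signed before it leaves.
function makeSignedGet(sign, send) {
  return function signedGet(url, baseAjax, cb) {
    sign(url, function (authHeaders) {
      // Per-request copy: concurrent lookups never share a headers object.
      const base = baseAjax || {};
      const settings = Object.assign({}, base, {
        headers: Object.assign({}, base.headers, authHeaders)
      });
      send(url, settings, cb);
    }, function (err) {
      cb(err); // fail closed: an unsigned request is never sent
    });
  };
}

// Two lookups whose signatures complete in reverse order, as can happen when
// the user keeps typing while the plugin is still working, plus one failure.
function runDemo() {
  const pending = [], sent = [], errors = [];
  const sign = makeDemoSigner('constructed-demo-secret', function (job) { pending.push(job); });
  const get = makeSignedGet(sign, function (url, settings, cb) {
    sent.push({ url: url, headers: settings.headers });
    cb(null);
  });
  const shared = { dataType: 'json', headers: { Accept: 'application/json' } };
  const onDone = function (err) { if (err) { errors.push(err.message); } };
  get('/search?q=a', shared, onDone);
  get('/search?q=ab', shared, onDone);
  get('', shared, onDone);
  pending.reverse().forEach(function (job) { job(); });
  return { sent: sent, errors: errors, shared: shared };
}
```

Each request is sent with the signature computed for its own URL regardless of completion order, and the shared settings object is left untouched.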

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow