x-messages

Transcript

1. Experimenting with HTTP Headers and Rails Joseph Paul Silvashy -

   @jpsilvashy - jpsilvashy.com

2. HTTP header crash course

3. HTTP headers define the operating parameters of an HTTP transaction.

4. Headers are used in both the request and the response.

5. Overview a basic GET request: Sends request headers Sends response

   headers and content body Client (your browser) Server (web server, reverse proxy, application...)

6. Accept: text/html, [...] Accept-Encoding: gzip, deflate Accept-Language: en-US,en; q=0.5 User-Agent:

   [...] GET http://example.com

7. Cache-Control: must-revalidate, private, max-age=0 Connection: keep-alive Content-Length: 3146 Content-Type: text/html;

   charset=utf-8 Date: Thu, 24 Jan 2013 21:16:51 GMT <html> ... HTTP/1.1 200 OK

8. There are a lot of standard headers... http://en.wikipedia.org/wiki/List_of_HTTP_header_fields

9. There are a lot of standard headers... About 75! http://en.wikipedia.org/wiki/List_of_HTTP_header_fields

10. Accept Accept-Charset Accept-Encoding Accept-Language Accept-Datetime Authorization Cache-Control Connection Cookie Content-Length

    Content-MD5 Content-Type Date Expect From Host If-Match If-Modified-Since If-None-Match If-Range If-Unmodified- Since Max-Forwards Pragma Proxy- Authorization Range Referer TE Upgrade User-Agent Via Warning Typical Response Headers

11. Typical Rails response Headers

12. Accept Accept-Charset Accept-Encoding Accept-Language Accept-Datetime Authorization Cache-Control Connection Cookie Content-Length

    Content-MD5 Content-Type Date Expect From Host If-Match If-Modified-Since If-None-Match If-Range If-Unmodified- Since Max-Forwards Pragma Proxy- Authorization Range Referer TE Upgrade User-Agent Via Warning Typical Response Headers

13. Cache-Control Connection Content-Length Content-Type Date Typical Response Headers from Rails

14. Which header is for human readable messages to the client?

15. Accept Accept-Charset Accept-Encoding Accept-Language Accept-Datetime Authorization Cache-Control Connection Cookie Content-Length

    Content-MD5 Content-Type Date Expect From Host If-Match If-Modified-Since If-None-Match If-Range If-Unmodified- Since Max-Forwards Pragma Proxy- Authorization Range Referer TE Upgrade User-Agent Via Warning Typical Response Headers Warning

16. Typical Response Headers Warning

17. Warning?

18. The Warning general-header field is used to carry additional information

    about the status or transformation of a message which might not be reflected in the message. http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html Warning (From rfc2616 See §14.46):

19. 299: Miscellaneous persistent warning. The warning text MAY include arbitrary

    information to be presented to a human user, or logged. A system receiving this warning MUST NOT take any automated action. Warning (From rfc2616 See §14.46): http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html

20. Flash messages in Rails are: Arbitrary information presented to a

    human user.

21. Warning: “Thanks for signing up!”

22. ?

23. Hey, what about non-standard headers?!

24. Typically non-standard headers are prefixed with an “X-”

25. Requests: X-CSRF-Token X-Requested-With Some non-standard headers Response: X-Frame-Options X-Runtime X-Rack-Cache

    X-Request-Id X-Ua-Compatible

26. Non-standard headers are popular, most servers send at least one.

27. Typical Rails Response: HTTP/1.1 200 OK Cache-Control: max-age=0, private, must-revalidate

    Connection: keep-alive Content-Length: 3146 Content-Type: text/html; charset=utf-8 Date: Thu, 24 Jan 2013 20:15:48 GMT Etag: "9cc373612927384b4a3997397061ba60" Set-Cookie: _myapp_session=abcd; path=/; HttpOnly (cont...)

28. Typical Rails Response (cont.): X-Rack-Cache: miss X-Request-Id: 52f48735303febd137f014fb4db5f767 X-Runtime: 0.010621

    X-Ua-Compatible: IE=Edge,chrome=1

29. There is a problem with this.

30. “X-” headers are officially deprecated!

31. Creators of new parameters to be used in the context

    of application protocols SHOULD NOT prefix their parameter names with "X-" or similar constructs. IETF Says: (From rfc6648 §3, June 2012 ) http://www.ietf.org/rfc/rfc6648.txt

32. Using headers as a transport for flash messages.

33. Who gives a shit!? Doesn’t Rails handle this for me?

34. YES!

35. Rails does this by rendering flash messages in the view.

36. Alternatively, we can send the flash messages in a header

    for easy consumption by the client.

37. Example application: http://x-messages.herokuapp.com/

38. after_filter :x_messages after_filter { flash.discard if request.xhr? } def x_messages

    response.headers['X-Messages'] = flash.to_hash.to_json flash.to_hash end application_controller.rb https://github.com/jpsilvashy/x-messages/blob/master/app/controllers/ application_controller.rb

39. application_helper.rb https://github.com/jpsilvashy/x-messages/blob/master/app/controllers/ application_controller.rb def render_x_messages content_tag :ul, :class => 'x-messages'

    do x_messages.collect do |type, message| concat content_tag(:li, message, :class => "message-#{type}") end end end

40. application.html.erb https://github.com/jpsilvashy/x-messages/blob/master/app/views/layouts/ application.html.erb <!-- Replace your flash messages with this

    --> <%= render_x_messages %> <!-- Place this near the end of the body --> <script> var x_messages = <%= x_messages.to_json.html_safe %> </script>

41. application.js https://github.com/jpsilvashy/x-messages/blob/master/app/views/layouts/ application.html.erb ... //= require alertify //= require x-messages

42. x-messages.js https://github.com/jpsilvashy/x-messages/blob/master/app/assets/ javascripts/x-messages.js var getXMessages = function(response) { var xMessagesHeader

    = response.getResponseHeader('X-Messages'); if ((typeof xMessagesHeader !== "undefined") && (xMessagesHeader !== null)) { return $.parseJSON(xMessagesHeader) } }

43. https://github.com/jpsilvashy/x-messages/blob/master/app/assets/ javascripts/x-messages.js var handleMessages = function(messages) { $.each(messages, function(type, message)

    { alertify.log(message, type); }); } x-messages.js (cont.)

44. https://github.com/jpsilvashy/x-messages/blob/master/app/assets/ javascripts/x-messages.js $(document).ajaxComplete(function(event, response) { handleMessages(getXMessages(response)) }); $(function() { $('.x-messages').hide();

    if ((typeof xMessages !== "undefined") && (xMessages !== null)) { handleMessages(xMessages); } }) x-messages.js (cont.)

45. Issues with implementation • Error messages still have to be

    rendered to the views since we cannot retrieve the response headers with javascript in our views unless we render the flash as an array. So this is only valuable for XHR requests at the moment (I think this can be fixed). • We still has “X-” name for header. https://github.com/jpsilvashy/x-messages/issues