When I make dynamic URLS in AJAX calls (based on some field value) then how to make HDIV work with this? Since the URL is dynamic HDIV won't know about this URL on server side. This would fail ultimately. Also we couldn't add it to exceptions. Then how to make it work?
These are some options:
Render all possible links, with all possible parameter values. Keep them hidden and choice the right one by JavaScript before submit.
Use a form instead of a link. You can create a hidden form and add multivalue parameters as select fields. Select the right values by JavaScript before submitting the form.
If the previous options are too complex, define the parameter as a startParameters. But note that it will not be validated.
Related
I'm using TYPO3 9.5 and building a search Extension with extbase and have some problems with the cHash.
I build my search form in fluid with f:form and use GET as method. There are no problems if I use POST.
My search action is configured as non-cachable action. I also tried to set the TypoScript config requireCHashArgumentForActionArguments = 0 for my extension.
But every time I try to search, I get a 404. Even when I let the form viewhelper generate a cHash. The only workaround that is working, is to disable pageNotFoundOnCHashError in the LocalConfiguration. But that feels wrong to me.
The action works also if I create a Link with fixed search words.
So there are some questions that came up to me.
Why is a cHash for a non-cachable action needed?
How can the cHash work on a form at all? It's the concept of a form that the user can modify the values, and as far as I understand it is the concept of the chash to prevent this.
Here is also some example code
<f:form
id="search-form"
class="press-search-widget"
additionalAttributes="{'role': 'search'}"
method="get"
action="search"
extensionName="MySearch"
pluginName="Mysearch"
controller="Search"
section="search-form" >
<f:form.textfield
id="pressfilter-search"
class="form-control"
type="text"
name="searchTerms[searchTerm]"
value="{parameters.searchTerm}"
placeholder=""
/>
</f:form>
Why is a cHash for a non-cachable action needed?
cHash is evaluated before it is known which TypoScript should be fetched, so it is also not known which (un-)cached plugins should be loaded or if they require cHash evaluation (or have it disabled).
How can the cHash work on a form at all? It's the concept of a form that the user can modify the values, and as far as I understand it is the concept of the chash to prevent this.
I don't know the reason of you using a form submission with HTTP GET. However all GET parameters are taken into account except for the ones excluded (see response above already).
I strongly recommend switching to HTTP POST - mainly because the HTTP standard requires POST parameters to not be cached (also not in the browser!), otherwise Visitor A could submit something with the form and Visitor B sees the result from Visitor A. POST is for data submission, GET is actually defined as a "read-only" mode in HTTP.
Two options for TYPO3 are:
switch to POST if there is no 100% necessity for GET in your use case
use the cHashExcludedParameters option in TYPO3 to disable all user-input values from the form.
cHash is a security feature. It protects against maniuplation of parameters. And servers as an additional layer of security it also prevents a cache bloat attacks.
Where a bot can generate links with new parameters and TYPO3 then caches the result of every such page and quickly grow the cache tables in the database.
It is however possible to exclude certain parameter from this caluculation using the install tool: [FE][cHashExcludedParameters] setting.
The excluded parameters then also do not affect the caching. (pages are cached as if the parameters are not present) but as you have a non-cacheable-action your result has to be generated on the fly anyway.
Why is a cHash for a non-cachable action needed?
I dont really know. Maybe they just forgot it or no one really uses GET forms.
How can the cHash work on a form at all? It's the concept of a form that the user can modify the values, and as far as I understand it is the concept of the chash to prevent this.
The URL parameters are included in the chash. So sending via POST shouldnt take use of the chash except for the action/controller parameters.
You have to build the form by yourself and validate it manually or use Javascript. Indexed_search uses POST, changes the page/pointer ind the hidden form fields and submits the form again for the pagination.
What's the best practice to be able to store fluid form variables as a bookmark (for simple search filter storing)?
We have a simple extbase&fluid plugin that shows searchfilters and searchresults. The filters are a collection of input and select fields, all created with . Fluid puts in a lot of extra parameters with _referred information and chash's into the request.
Now we want a visitor to be able to bookmark a search result easily. If we use a HTTP GET request, the URL sadly exceeds the URL variable limit because of all the extra parameters; and without them, the fluid plugin won't take on the arguments (unless we disable caching of the whole page?).
The best way (imo) is to generate a clean url that can be stored. In Fluid you can add a link with only the parameters you need and add an onclick event with JS to add this link as a bookmark.
<f:link.action action="yourAction" controller="yourController" arguments="{filterArguments}">Add Bookmark</f:link.action>
How to add the bookmark function with js(jQuery):
How do I add an "Add to Favorites" button or link on my website?
It is also a good practice to configure realurl to produce nice urls for your extension
Actually I know that the form validation is possible by JavaScript but confused that after validation, is it full dynamic and don't need to be used PHP at all?
I trying to add some fields to form depending of checkbox. But I have no idea how can I do that. I think Ajax can be useful, but I dont work with Ajax in Symfony2 yet, and if my form build up not in the controller what value I need specify in url: option of Ajax?
That's quite a broad question, but essentially: the Symfony way is to add them to the Form in the Controller by reacting to FormEvents.
Symfony Docs on Form Events
One way to achieve what you're after is to submit the form twice - the first time code will react to the checked checkbox and arrange the rest of the form as required, the second time the form will be valid and you can take action. Details on the above link. AJAX might help with this, allowing a form submission as soon as you've checked the checkbox.
Although you can create HTML form fields using AJAX, when you submit the form those fields need to exist in the Form object. You can add them just in time, in the controller, before Symfony tries to bind them.
In Symfony 2 I tried to create a little search engine. The search consists of a form and some links (like facets on solr). I managed to set up the search form with form binding, creating special searchobject class in entitiess and all this via form post request. For purpose of saving previous searches I saved the complete search object in session serialized.
My question(s) would be:
How to use get requests with a form without outputting form name? Is using forms via get valid in Symfony 2? What is the best practice?
Many sites made with Symfony 2 I see are using www.url.com/search?q=thequery¶m2=xxx.
If it's valid, how would I prefill the form? Are there some examples to look at?
(PS: if using the form the way it works now, the url stays the same eg. www.url.com/seach)
Just try to change you html form declaration to specify method="GET".
And that's all, you can create your form as usual. :)