up.protocol up.protocol.config

Configuration object

The name of the HTTP header that will include the CSRF token for AJAX requests.

The name of the hidden <input> used for sending a CSRF token when submitting a default, non-AJAX form. For AJAX requests the token is sent as an HTTP header instead.

The parameter name can be configured as a string or as function that returns the parameter name. If no name is set, no token will be sent.

Defaults to the content attribute of a <meta> tag named csrf-param:

<meta name="csrf-param" content="authenticity_token">

The CSRF token to send for unsafe requests. The token will be sent as either an HTTP header (for AJAX requests) or a hidden form <input> (for default, non-AJAX form submissions).

The token can either be configured as a string or as function that returns the token. If no token is set, no token will be sent.

Defaults to the content attribute of a <meta> tag named csrf-token:

<meta name='csrf-token' content='secret12345'>

The name of request parameter containing the original request method when Unpoly needs to wrap the method.

Methods must be wrapped when making a full page request with a methods other than GET or POST. In this case Unpoly will make a POST request with the original request method in a form parameter named _method:

POST /test HTTP/1.1
Host: example.com
Content-Type: application/x-www-form-urlencoded
Content-Length: 11

_method=PUT

The preferred maximum length of an X-Up-prefixed header's value.

This is currently only honored for X-Up-Validate.