Handling POST requests in Yusef
Sunday, February 14, 2010 4:40:26 PM
In its latest version, Yusef has introduced a new route API, extending the capabilities of the addSectionListener API. Basically, a route extends the concept of section/action. The route is matched by a regular expression (instead of a section name), and an action is attached to it. This new version also tightens the security of the section/action API, which is a given for Opera.
In particular, earlier versions allowed a section listener to handle any POST without a nonce; the nonce was required only for action handling. Sections were therefore particularly useful with AJAX components that rely on POST to pass information back to the application: these components may not offer enough customization to pass that nonce.
This all worked well in the previous version. However, the newer version of Yusef makes sure that every POST has a nonce attached. Otherwise, the application returns HTTP error 400, Bad Request. How can we deal with these AJAX components then? By adding "disablePOSTSecurityCheck: true" to the section listener options.
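The check described above, modelled as a small stand-alone dispatcher. This is an added example, not Yusef's source code: createDispatcher, dispatch, the request shape and the argument order of addSectionListener are assumptions, and the nonce is a constructed sample value.

```javascript
// Added model of the behaviour described above; not Yusef's source code.
// createDispatcher, dispatch, the request shape and the argument order of
// addSectionListener are assumptions made for this example.

// Compare nonces without returning early on the first differing character.
function constantTimeEqual(a, b) {
  if (typeof a !== 'string' || typeof b !== 'string' || a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

function createDispatcher(sessionNonce) {
  const sections = new Map();
  return {
    addSectionListener(name, handler, options = {}) {
      // The exemption is opt-in and stored per section; the default stays false.
      const exempt = options.disablePOSTSecurityCheck === true;
      sections.set(name, { handler, exempt });
    },
    dispatch(request) {
      const section = sections.get(request.section);
      if (!section) return { status: 404, body: 'Not Found' };
      if (request.method === 'POST' && !section.exempt) {
        const nonce = request.body ? request.body.nonce : undefined;
        if (!constantTimeEqual(nonce, sessionNonce)) {
          return { status: 400, body: 'Bad Request' };
        }
      }
      return { status: 200, body: section.handler(request) };
    },
  };
}

// Constructed sample: one ordinary section, one fed by a third-party AJAX widget.
const SAMPLE_NONCE = 'constructed-sample-nonce';
const app = createDispatcher(SAMPLE_NONCE);
app.addSectionListener('settings', (req) => 'saved ' + req.body.value);
app.addSectionListener('upload', (req) => 'got ' + req.body.value,
  { disablePOSTSecurityCheck: true });

function post(section, body) {
  return app.dispatch({ section, method: 'POST', body });
}

console.log(post('settings', { value: 'a' }).status);                      // 400
console.log(post('settings', { value: 'a', nonce: SAMPLE_NONCE }).status); // 200
console.log(post('upload', { value: 'b' }).status);                        // 200
```

In this model the exemption applies only to the section that sets it; every other section still rejects a POST that lacks the nonce.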
AddSectionListener Options
With all these options around, I thought it might be a good idea to put together a table of every option. Although it is not currently the ultimate reference, I hope it will get more and more complete over time:
| Name | Default value | Plugin | Description |
|---|---|---|---|
| disablePOSTSecurityCheck | false | Yusef core | Whether POST requests are accepted without a nonce being present |
| ui | false | ui | Use a template on the page (Note: for the content and _index sections, the default value is true). |
| acl | {} | acl | Restrictions applied to the section/action. |
| acl.type | "" | acl | Who can access the section ('private', 'public' or 'limited'). |
| acl.level | private | acl | Who can access the action (one of the levels of accesstypes defined in Yusef.plugins.acl.getAccessTypes()). |
| acl.strict | "" | acl | Whether the access can be modified later on. |
| translation | true | translation | Whether the content must be translated. |






Mr. UnknownSicofonia # Tuesday, May 18, 2010 8:45:21 PM
I'd like to encourage you to continue posting this great stuff.
Regards