Thursday, April 28, 2011

Security Blackholing actions I didn't specify

Ok, in the app_controller, I've included my Security component and also added this little snippet of code for admin pages:
if(isset($this->params['admin'])) :
            $this->Security->blackHoleCallback = 'forceSSL';
            $this->Security->requireSecure();
        endif;

That one's straight outta the book and as far as i can tell, working fine. I just add that here on the off chance I'm missing something.

In my "carts" controller (for shopping carts) I want to be able to secure the checkout action, only. Hence I've set up this beforeFilter:
    function beforeFilter() {
        parent::beforeFilter();
        $this->Security->requireSecure('checkout');
        $this->Security->blackHoleCallback = 'forceSSL';
    }

The problem is that, when I do this, my add action (as in adding an item to the cart) is getting redirected per the forceSSL function (which also comes from the book, for reference).

More confusing, when I simply strip the bottom two lines of my beforeFilter away (thus, I presume, eliminating the effects of the Security component), I get a 404 error on the action.

Thanks for your time!

--
Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org
Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions.
 
 
To unsubscribe from this group, send email to
cake-php+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php

No comments: