Tuesday, April 2, 2013

Re: The request has been black-holed

When setting up the Security component there are settings that can help (although I am not entirely certain what risks - if any - these introduce):

'Security' => array(
'csrfUseOnce' => false,
'unlockedActions' => array(
'your_action'
)
)

Setting csrfUseOnce to false means it will reuse the existing tokens, which in turn means you can refresh the page without a black hole.

The unlockedActions setting is clearly more risky as it effectively disables the component for that action - but in some cases it can be useful.

Jeremy Burns
Class Outfit

http://www.classoutfit.com

On 2 Apr 2013, at 15:41:59, ben@articad.cc wrote:


To save people form themselves? To save the world? I really don't care.

Bottom line: That blackholed request thing is a usability nightmare. You merely have to reload the page

On Monday, April 1, 2013 6:41:44 AM UTC+1, rchavik wrote:


On Thursday, March 28, 2013 4:57:38 PM UTC+7, b...@articad.cc wrote:
Security features like this that cause issues with basic flow, should be OFF by default. CakePHP is it's own worst enemy for leaving it in.


Why do you think CakePHP turns SecurityComponent on by default?

--
Like Us on FaceBook https://www.facebook.com/CakePHP
Find us on Twitter http://twitter.com/CakePHP
 
---
You received this message because you are subscribed to the Google Groups "CakePHP" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cake-php+unsubscribe@googlegroups.com.
To post to this group, send email to cake-php@googlegroups.com.
Visit this group at http://groups.google.com/group/cake-php?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
 
 

No comments: