Friday, January 29, 2016

How to do CSRF protection in CakePHP

Hi,
I am new to CakePHP and am now working on a new project with CakePHP while studying it. My current task is to add CSRF protection for the overall project. I have read the official CakePHP 2 cookbook and did as explained in that book. But now I am facing

The request has been black-holed

Error: The requested address '/admin/accounts/add' was not found on this server. 

every time the new user add form is submitted.
My code is:
//////////////////////////////////////////////////////////////////////////////////////////////////

public $components = array(
    // SecurityComponent: CSRF tokens expire one hour after they are issued
    'Security' => array(
        'csrfExpires' => '+1 hour'
    ),
    'Search.Prg' => array(
        'commonProcess' => array(
            'paramType' => 'named',
            'filterEmpty' => true
        )
    )
);

///////////////////////////////////////////////////////////////////

public function beforeFilter() {
    parent::beforeFilter();
    $this->layout = 'admin';
    // Controller method that SecurityComponent calls when it black-holes a request
    $this->Security->blackHoleCallback = '_blackHole';
}

////////////////////////////////////////////////////////////////////

// Stops the request and prints the black-hole error type passed by SecurityComponent
public function _blackHole($error) {
    die($error);
}

/////////////////////////////////////////////////////////////////////

By doing so, an 'auth' error has appeared.

What should I do?
Please help me. I have googled, but it was just a waste of time. I don't know what to do.
Please help me.
