probably you have to configure the SecurityComponent (and eventually use the FormHelper) to permit those types of request to happen.
See:
- http://en.wikipedia.org/wiki/Cross-site_request_forgery
- http://book.cakephp.org/2.0/en/core-libraries/components/security-component.html#restricting-cross-controller-communication
- http://book.cakephp.org/2.0/en/core-libraries/components/security-component.html#csrf-protection
Il 04/05/2012 13:58, jmail ha scritto:
Hi!
I've got application which I am translating from other technology to CakePHP. Application is in about 60% written with AJAX.There are a lot of cross controller sends :/ So I've got a problem because when I am trying to make something similar with Cake I get error 400 - bad request. Of course I am using Security component and I would like to use this component. App it's quite secure with that component. Of course when I am using GET request everything is OK, but when try to use POST request there is a problem.
I've got Controller MainController with function start
class MainController extends AppController{function start(){$this->set('contests', $this->Contest->find('all', array('conditions' => array('Contest.start <= now()', 'Contest.finish > now()', 'Contest.active' => 1, 'Board.status' => 1))));if(CakeSession::read('user') === null){$this->layout = 'nonloginlayout';}else{$this->render('startlogged');
}}}
Then in startlogged.ctp I've got script:
function moreChances(){$.prompt.close();$.prompt(states, {zIndex: 11000});$.ajax({url: "/user/invite/",async: true,dataType: "html",type: "GET",success: function(data){$.prompt.close();$.prompt(data, {buttons:{}, zIndex: 11000})}
});}function sendInvite(){mail = document.getElementById('inviteMail').value;message = document.getElementById('inviteMessage').value;$.prompt.close();$.prompt(states, {zIndex: 11000});$.ajax({url: "/user/send_invite?tmp="+Math.random(),async: false,data: {test:'doopa'},type: "POST",dataType: "html",success: function(data){$('#deb').html(data);},error: function(jqXHR, textStatus, errorThrown){$('#deb').html(errorThrown);}});}
user/invite just loading a form into a prompt window
<label>Email address:<br></label><input type="text" name="mail" id="inviteMail"><br><label>Message:<br></label><textarea name="message" id="inviteMessage"></textarea><br><br><div class="floatRight">
<a href="javascript:sendInvite()" style="color: #636363;"><b>send</b></a></div>
and User controller look like this
class UserController extends AppController{
function beforeFilter() {parent::beforeFilter();$json_actions = array('send_invite');if(in_array($this->action, $json_actions)){$this->Security->validatePost = false = array('Session', 'RequestHandler', 'ImageConverter');}}function invite(){$this->layout = '';}function send_invite(){$this->autoRender = false;var_dump($_POST);}}
And I don't know what to do more. Every POST request generating error:
2012-05-04 13:54:27 Error: [BadRequestException] The request has been black-holed#0 !!!Path_to_root!!!\lib\Cake\Controller\Component\SecurityComponent.php(227): SecurityComponent->blackHole(Object(UserController), 'csrf')
Can some please help me? I don't know what to do to not get black-holed. I am desperate because of that three of my projects are stoped :(
Thanks for all.--
Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org
Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions.
To unsubscribe from this group, send email to
cake-php+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php
No comments:
Post a Comment