Menu
FINALLY found the solution:
If anyone have this problem put this in your beforefilter.
$this->Security->unlockedActions = array('givestar');
And update libs to Cake 2.3
The problem:
I am struggling with the SECURITY component blackholing me on my ajax calls.
var id = 1;
$.ajax({
type: "post",
url: "/messages/givestar/",
data: {"id" : id},
dataType: "json"
});
I am only trying to send the ID for the controller to update the message where id=id
But Security component is Blackholing me on all my ajax calls.
Anyone know how I can make it work with security component activated??
Thanks!
You are awesome!
-Tom
Suggestions????
UPDATE2 I get an AUTH error from blackhole after some testing.
From Book:
‘auth’ Indicates a form validation error, or a controller/action mismatch error.
I have double checked all ACO nodes, they are good. I am leaning against a FORM VALIDATION ERROR from Security component on my ajax call.
UPDATE:
AppController.php
public $components = array(
'Acl',
'Auth',
'Session',
'Security',
'Cookie'
);
public function beforeFilter() {
$this->Security->blackHoleCallback = 'blackhole';
}
public function blackhole($type) {
$this->Session->setFlash(__('ERROR: %s',$type), 'flash/error');
}
MessagesController.php
public $components = array('RequestHandler');
public function beforeFilter() {
parent::beforeFilter();
}
public function givestar() {
$this->autoRender = false;
if ($this->request->is('ajax')) {
echo 'Working';
}
return;
}
992
In beforefilter:
$this->Security->unlockedActions = array('givestar');
SecurityComponent line 396:
if (!isset($controller->request->data['_Token'])) {
if (!$this->blackHole($controller, 'auth')) {
return null;
}
}
So I guess if You want to secure this action You must send data with additional generated '_Token' key. This key is generated using Form->secure($fields) method (acctualy method generates hidden inputs with proper values).
33
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
