Thanks for answer, nate. Decision is on You, You're man here ;-)
But from my point of view: - if purpose of Security component is (beside of auth. tokens for 'one-touch html forms') block external requests which aren't send by POST (by 'requirePost' functionality) - then I am not able to find better place I have to put 'requireBare' functionality into, as it is designed to block requests which can invoke user from browser adressbar to some actions. It is maybe question of personal taste, but I am not able find out name for such as component, if I will somewhere use Security component with 'requirePost'. You know, this 'requirePost' thing is also manageable in beforeFilter() if we replace $this->params['bare'] by $this->RequestHandler->isPost() I just thought - there is no better place then Security component for such restriction rule, if there is already 'requirePost' solved - I am not alone programmer who uses Object::requestAction() and who doesn't want web visitor could (by accident or for any reason) display some fragment of site (means output of controller action) in layout to which it doesn't belongs (or: in consequences it is not purposed to) just because I don't (or can't) set some 'killer' route with '/*' as pattern. So, excuse me for this annoying thread and have a nice day! --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Cake PHP" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/cake-php -~----------~----~----~----~------~----~------~--~---
