Interesting.. Most of my ajax requests replace the form with the response which has a new token, which is probably why I've never run into that. Good to know though.
On Thursday, March 8, 2012 3:59:51 PM UTC-8, euromark wrote: > > thats mainly what I was saying: adding or removing fields in the DOM will > cause trouble for sure. > > but also resubmitting the form via AJAX several times (as the session > token then expires) will blackhole if not avoided carefully. > > so it is always good to know how the fieldList solution works > > > Am Donnerstag, 8. März 2012 16:23:45 UTC+1 schrieb jeremyharris: >> >> I've had no problem with ajax forms and the security component. The token >> is still added and it still goes through. It only blackholes if you >> dynamically change that field with javascript. >> >> On Thursday, March 8, 2012 7:20:34 AM UTC-8, euromark wrote: >>> >>> well, with ajax and dynamic field injection in forms you need to disable >>> the component or at least some fields in order to not get blackholed >>> therefore I rather use the field whitelisting than enabling the security >>> component >>> but either way: one of those two options you should use to be on the >>> safe side >>> >> -- Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions. To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/cake-php
