That's obviously a very good way to avoid this issue: always replacing the form. But with dynamically created forms this is hard to achieve sometimes :)
On Friday, March 9, 2012 01:13:31 UTC+1, jeremyharris wrote:
> Interesting.. Most of my ajax requests replace the form with the response
> which has a new token, which is probably why I've never run into that. Good
> to know though.
>
> On Thursday, March 8, 2012 3:59:51 PM UTC-8, euromark wrote:
>> that's mainly what I was saying: adding or removing fields in the DOM will
>> cause trouble for sure.
>>
>> but also resubmitting the form via AJAX several times (as the session
>> token then expires) will blackhole if not avoided carefully.
>>
>> so it is always good to know how the fieldList solution works
>>
>> On Thursday, March 8, 2012 16:23:45 UTC+1, jeremyharris wrote:
>>> I've had no problem with ajax forms and the security component. The
>>> token is still added and it still goes through. It only blackholes if you
>>> dynamically change that field with javascript.
>>>
>>> On Thursday, March 8, 2012 7:20:34 AM UTC-8, euromark wrote:
>>>> well, with ajax and dynamic field injection in forms you need to
>>>> disable the component or at least some fields in order to not get
>>>> blackholed
>>>> therefore I rather use the field whitelisting than enabling the
>>>> security component
>>>> but either way: one of those two options you should use to be on the
>>>> safe side
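
A simplified model of the behaviour discussed in this thread, added here as an illustration; it is not code from any of the posts and not CakePHP's implementation. The names FormGuard, field_hash and save, the secret and the HMAC scheme are all assumptions chosen to show why a field added in the DOM or a reused token is rejected, and why a server-side field whitelist works independently of that check.

```python
import hashlib
import hmac
import secrets

# Simplified model, NOT CakePHP's code: scheme and names are assumptions.
SECRET = b"constructed-app-secret"  # constructed sample value


def field_hash(fields, unlocked=()):
    """MAC over the sorted names of the locked fields rendered in the form."""
    locked = sorted(set(fields) - set(unlocked))
    return hmac.new(SECRET, "|".join(locked).encode(), hashlib.sha256).hexdigest()


class FormGuard:
    """Issues tokens bound to a rendered field list and checks submissions."""

    def __init__(self, unlocked=(), use_once=True):
        self.unlocked = tuple(unlocked)  # fields JavaScript may add or remove
        self.use_once = use_once         # one-time tokens break repeated AJAX posts
        self.tokens = set()

    def render(self, fields):
        """Return the hidden values a freshly rendered form would carry."""
        token = secrets.token_hex(16)
        self.tokens.add(token)
        return {"token": token, "fields_hash": field_hash(fields, self.unlocked)}

    def check(self, hidden, posted):
        """Validate a submission against the hidden values it came with."""
        if hidden["token"] not in self.tokens:
            return "blackhole: token unknown or already used"
        if self.use_once:
            self.tokens.discard(hidden["token"])
        expected = field_hash(posted.keys(), self.unlocked)
        if not hmac.compare_digest(expected, hidden["fields_hash"]):
            return "blackhole: field list changed"
        return "ok"


def save(posted, field_list):
    """Server-side whitelist: only the named fields ever reach the model."""
    return {k: v for k, v in posted.items() if k in field_list}
```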
