Hi,
probably you have to configure the SecurityComponent (and eventually use
the FormHelper) to permit those types of request to happen.
See:
- http://en.wikipedia.org/wiki/Cross-site_request_forgery
-
http://book.cakephp.org/2.0/en/core-libraries/components/security-component.html#restricting-cross-controller-communication
-
http://book.cakephp.org/2.0/en/core-libraries/components/security-component.html#csrf-protection
Il 04/05/2012 13:58, jmail ha scritto:
Hi!
I've got application which I am translating from other technology to
CakePHP. Application is in about 60% written with AJAX.There are a lot
of cross controller sends :/ So I've got a problem because when I am
trying to make something similar with Cake I get error 400 - bad
request. Of course I am using Security component and I would like to
use this component. App it's quite secure with that component. Of
course when I am using GET request everything is OK, but when try to
use POST request there is a problem.
I've got Controller MainController with function start
class MainController extends AppController{
function start(){
$this->set('contests', $this->Contest->find('all', array('conditions'
=> array('Contest.start <= now()', 'Contest.finish > now()',
'Contest.active' => 1, 'Board.status' => 1))));
if(CakeSession::read('user') === null){
$this->layout = 'nonloginlayout';
}
else{
$this->render('startlogged');
}
}
}
Then in startlogged.ctp I've got script:
function moreChances(){
$.prompt.close();
$.prompt(states, {zIndex: 11000});
$.ajax({
url: "/user/invite/"
,async: true
,dataType: "html"
,type: "GET"
,success: function(data){
$.prompt.close();
$.prompt(data, {buttons:{}, zIndex: 11000})
}
});
}
function sendInvite(){
mail = document.getElementById('inviteMail').value;
message = document.getElementById('inviteMessage').value;
$.prompt.close();
$.prompt(states, {zIndex: 11000});
$.ajax({
url: "/user/send_invite?tmp="+Math.random()
,async: false
,data: {test:'doopa'}
,type: "POST"
,dataType: "html"
,success: function(data){
$('#deb').html(data);
}
,error: function(jqXHR, textStatus, errorThrown){
$('#deb').html(errorThrown);
}
});
}
user/invite just loading a form into a prompt window
<label>Email address:<br></label>
<input type="text" name="mail" id="inviteMail">
<br>
<label>Message:<br></label>
<textarea name="message" id="inviteMessage"></textarea>
<br><br>
<div class="floatRight">
<a href="javascript:sendInvite()" style="color: #636363;"><b>send</b></a>
</div>
and User controller look like this
class UserController extends AppController{
function beforeFilter() {
parent::beforeFilter();
$json_actions = array('send_invite');
if(in_array($this->action, $json_actions)){
$this->Security->validatePost = false = array('Session',
'RequestHandler', 'ImageConverter');
}
}
function invite(){
$this->layout = '';
}
function send_invite(){
$this->autoRender = false;
var_dump($_POST);
}
}
And I don't know what to do more. Every POST request generating error:
2012-05-04 13:54:27 Error: [BadRequestException] The request has been
black-holed
#0
!!!Path_to_root!!!\lib\Cake\Controller\Component\SecurityComponent.php(227):
SecurityComponent->blackHole(Object(UserController), 'csrf')
Can some please help me? I don't know what to do to not get
black-holed. I am desperate because of that three of my projects are
stoped :(
Thanks for all.
--
Our newest site for the community: CakePHP Video Tutorials
http://tv.cakephp.org
Check out the new CakePHP Questions site http://ask.cakephp.org and
help others with their CakePHP related questions.
To unsubscribe from this group, send email to
[email protected] For more options, visit this
group at http://groups.google.com/group/cake-php
--
Our newest site for the community: CakePHP Video Tutorials http://tv.cakephp.org
Check out the new CakePHP Questions site http://ask.cakephp.org and help others with their CakePHP related questions.
To unsubscribe from this group, send email to
[email protected] For more options, visit this group at
http://groups.google.com/group/cake-php
