When setting up the Security component there are settings that can help
(although I am not entirely certain what risks - if any - these introduce):
    'Security' => array(
        'csrfUseOnce' => false,
        'unlockedActions' => array(
            'your_action'
        )
    )
Setting csrfUseOnce to false means it will reuse the existing tokens, which in
turn means you can refresh the page without a black hole.
The unlockedActions setting is clearly more risky as it effectively disables
the component for that action - but in some cases it can be useful.
Jeremy Burns
Class Outfit
http://www.classoutfit.com
On 2 Apr 2013, at 15:41:59, [email protected] wrote:
>
> To save people from themselves? To save the world? I really don't care.
>
> Bottom line: That blackholed request thing is a usability nightmare. You
> merely have to reload the page
>
> On Monday, April 1, 2013 6:41:44 AM UTC+1, rchavik wrote:
>
>
> On Thursday, March 28, 2013 4:57:38 PM UTC+7, [email protected] wrote:
> Security features like this that cause issues with basic flow, should be OFF
> by default. CakePHP is its own worst enemy for leaving it in.
>
>
> Why do you think CakePHP turns SecurityComponent on by default?
>
> --
> Like Us on FaceBook https://www.facebook.com/CakePHP
> Find us on Twitter http://twitter.com/CakePHP
>
> ---
> You received this message because you are subscribed to the Google Groups
> "CakePHP" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To post to this group, send email to [email protected].
> Visit this group at http://groups.google.com/group/cake-php?hl=en.
> For more options, visit https://groups.google.com/groups/opt_out.
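
The two settings from the reply above, placed in a CakePHP 2.x controller setup together with a black hole callback that replaces the blank error page. This is an added example, not code from the thread or from the CakePHP project; OrdersController, the blackhole() method name and the flash message are assumptions.

```php
<?php
// Added example for CakePHP 2.x. In a real app each class lives in its own file.
App::uses('Controller', 'Controller');

class AppController extends Controller {

    public $components = array(
        'Session',
        'Security' => array(
            // Reuse tokens so a page refresh does not trigger a black hole.
            'csrfUseOnce' => false,
            // A reused token stays valid until it expires, so keep the window short.
            'csrfExpires' => '+30 minutes',
            // Call AppController::blackhole() instead of showing a blank error.
            'blackHoleCallback' => 'blackhole',
        ),
    );

    // $type is the failure reason reported by the component, e.g. 'csrf' or 'auth'.
    public function blackhole($type) {
        $this->log(sprintf('Black-holed request (%s): %s', $type, $this->request->here));
        if ($type === 'csrf') {
            // Expired or missing token: send the user back to a fresh form.
            $this->Session->setFlash(__('Your form expired, please try again.'));
            // Second argument true restricts the redirect to local referers.
            return $this->redirect($this->referer('/', true));
        }
        throw new BadRequestException(__('The request has been black-holed'));
    }
}

// Hypothetical controller: unlock one action only, not the whole controller.
class OrdersController extends AppController {

    public function beforeFilter() {
        parent::beforeFilter();
        // 'your_action' skips the component's POST and CSRF validation,
        // so that action has to validate its own input.
        $this->Security->unlockedActions = array('your_action');
    }
}
```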