Because the keys are 'use once', so when submitted by ajax become invalid. See this page for a solution: http://book.cakephp.org/2.0/en/core-libraries/components/security-component.html#SecurityComponent::$csrfUseOnce
Jeremy Burns Class Outfit http://www.classoutfit.com On 8 Aug 2013, at 20:53, "Advantage+" <[email protected]> wrote: > I know forms submitted via ajax that the security component does not work. > (Checking for edits / tampering) > > What is the reason for this? I understand if you add fields dynamically why > it would not work because of the hashed fields when the form is rendered. > > But if you are simply sending a form as coded $this->Form as standard > procedure, no edits or fields added why would it not act the same? > The exact data is being sent as if it was submitted http. No? > > Just curious. > > Thanks, > > Dave > > > -- > Like Us on FaceBook https://www.facebook.com/CakePHP > Find us on Twitter http://twitter.com/CakePHP > > --- > You received this message because you are subscribed to the Google Groups > "CakePHP" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > To post to this group, send email to [email protected]. > Visit this group at http://groups.google.com/group/cake-php. > For more options, visit https://groups.google.com/groups/opt_out. > > -- Like Us on FaceBook https://www.facebook.com/CakePHP Find us on Twitter http://twitter.com/CakePHP --- You received this message because you are subscribed to the Google Groups "CakePHP" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/cake-php. For more options, visit https://groups.google.com/groups/opt_out.
