From The Blog

CakePHP 2 aggressive Security - continued

29 February 2012, in

CakePHP 2.0 has another aggressive security check, which shows up clearly when you make an AJAX request to an action via POST: it raises a security error that says "Request is blackholed due to auth".

The solution is to disable this aggressive validation for that action by setting the Security component's $validatePost attribute to false.

 




CakePHP 2 Aggressive Security

20 February 2012, in

CakePHP has had CSRF protection since 1.2. For 2.0, the existing CSRF protection has a new, more paranoid mode and is its own standalone feature.

By default a new CSRF token is generated for each request, and each token can only be used once. If a token is used twice, the request will be blackholed. Sometimes this behaviour is not desirable, as it can create issues with single-page applications. You can toggle on longer, multi-use tokens by setting csrfUseOnce to false. This can be done in the components array, or in the beforeFilter of your controller:
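
An added example (not code from the original posts) that puts both settings into one CakePHP 2.x controller: csrfUseOnce set in the components array and in beforeFilter, and validatePost turned off for a single AJAX action only. The controller name, the ajaxAdd action and the blackhole handler are assumptions made for illustration.

```php
<?php
// app/Controller/CommentsController.php (hypothetical controller, for illustration only)
App::uses('AppController', 'Controller');

class CommentsController extends AppController {

    // Option 1: configure the Security component where it is declared.
    public $components = array(
        'Security' => array(
            'csrfUseOnce' => false, // tokens may be reused until they expire
        ),
    );

    public function beforeFilter() {
        parent::beforeFilter();

        // Option 2: set the same property at runtime (equivalent to option 1).
        $this->Security->csrfUseOnce = false;

        // Turn off POST form validation only for the one AJAX action that
        // needs it, not for the whole controller. csrfCheck stays at its
        // default (true), so the request must still carry a valid CSRF token.
        $isAjaxAdd = $this->request->params['action'] === 'ajaxAdd'
            && $this->request->is('ajax');
        if ($isAjaxAdd) {
            $this->Security->validatePost = false;
        }

        // Send blackholed requests to a handler so they are logged.
        $this->Security->blackHoleCallback = 'blackhole';
    }

    // $type is the failure reason passed by the component, e.g. 'auth' or 'csrf'.
    public function blackhole($type) {
        $this->log('Blackholed (' . $type . '): ' . $this->request->here);
        throw new BadRequestException('The request has been black-holed');
    }

    // Hypothetical AJAX endpoint; hidden _Token fields are not validated here.
    public function ajaxAdd() {
        $this->autoRender = false;
        $saved = $this->Comment->save($this->request->data);
        return json_encode(array('saved' => (bool)$saved));
    }
}
```

Because validatePost is switched off for ajaxAdd, the action should validate the posted fields itself, for example through model validation rules.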


