When setting up the Security component there are settings that can help 
(although I am not entirely certain what risks - if any - these introduce):

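public $components = array(
        'Security' => array(
                // Reuse the existing CSRF token instead of issuing a new one per request
                'csrfUseOnce' => false,
                // Actions listed here are skipped by the component's checks
                'unlockedActions' => array(
                        'your_action'
                )
        )
);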

Setting csrfUseOnce to false means it will reuse the existing tokens, which in 
turn means you can refresh the page without a black hole.

The unlockedActions setting is clearly more risky as it effectively disables 
the component for that action - but in some cases it can be useful.

Jeremy Burns
Class Outfit

http://www.classoutfit.com

On 2 Apr 2013, at 15:41:59, b...@articad.cc wrote:

> 
> To save people from themselves? To save the world? I really don't care. 
> 
> Bottom line: That blackholed request thing is a usability nightmare. You 
> merely have to reload the page
> 
> On Monday, April 1, 2013 6:41:44 AM UTC+1, rchavik wrote:
> 
> 
> On Thursday, March 28, 2013 4:57:38 PM UTC+7, b...@articad.cc wrote:
> Security features like this that cause issues with basic flow, should be OFF 
> by default. CakePHP is its own worst enemy for leaving it in.
> 
> 
> Why do you think CakePHP turns SecurityComponent on by default?
> 

-- 
Like Us on FaceBook https://www.facebook.com/CakePHP
Find us on Twitter http://twitter.com/CakePHP

--- 
You received this message because you are subscribed to the Google Groups 
"CakePHP" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to cake-php+unsubscr...@googlegroups.com.
To post to this group, send email to cake-php@googlegroups.com.
Visit this group at http://groups.google.com/group/cake-php?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
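
Added example, not part of the thread and not CakePHP source: a simplified PHP 8 model of a session-bound CSRF token store, showing what the csrfUseOnce setting discussed above trades off. The class CsrfTokenStore, its methods and the 30-minute lifetime are assumptions made for illustration.

```php
<?php
// Simplified model only; CsrfTokenStore, issue() and validate() are hypothetical names.
final class CsrfTokenStore
{
    /** @var array<string,int> token => expiry timestamp */
    private array $tokens = [];

    public function __construct(private bool $useOnce, private int $ttl = 1800) {}

    // Called when a form is rendered.
    public function issue(int $now): string
    {
        $this->purgeExpired($now);
        if (!$this->useOnce && $this->tokens) {
            // Reuse mode: hand back the existing token and extend its lifetime.
            $token = array_key_first($this->tokens);
            $this->tokens[$token] = $now + $this->ttl;
            return $token;
        }
        $token = bin2hex(random_bytes(20));
        $this->tokens[$token] = $now + $this->ttl;
        return $token;
    }

    // Called on POST; a false result corresponds to a black-holed request.
    public function validate(string $submitted, int $now): bool
    {
        $this->purgeExpired($now);
        if (!isset($this->tokens[$submitted])) {
            return false;
        }
        if ($this->useOnce) {
            unset($this->tokens[$submitted]); // single use: a second submit fails
        }
        return true;
    }

    private function purgeExpired(int $now): void
    {
        $this->tokens = array_filter($this->tokens, fn(int $exp) => $exp > $now);
    }
}

$t0 = 1364900000; // constructed timestamp
foreach ([true, false] as $useOnce) {
    $store = new CsrfTokenStore($useOnce);
    $token = $store->issue($t0);
    $results = [
        'first'   => $store->validate($token, $t0 + 10),   // normal submit
        'refresh' => $store->validate($token, $t0 + 20),   // browser re-sends the same POST
        'late'    => $store->validate($token, $t0 + 3600), // after the token expired
    ];
    echo 'useOnce=' . var_export($useOnce, true) . ' ' . json_encode($results) . PHP_EOL;
}
```

In reuse mode the same token is accepted for every submission until it expires, so the token lifetime becomes the limit on how long a leaked token stays usable.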

