For that, you set up a deny by default in the AppController, and then override with specific allows in specific controllers.
And then in development, where you seem to want unfettered access, just remove the global deny, so everything is allowed. (or used a config to denote it's the development environment, and by pass the global deny if it is). On Thu, Nov 28, 2013 at 7:47 PM, Advantage+ <movepix...@gmail.com> wrote: > I want to say mode= production so no access but login > > > > And not go thru every controller and deny() that’s what I am asking. > Nothing to do with ajax > > > > > > > > *Dave Maharaj* > > *Freelance Designer | Developer* > [image: Description: header_logo] > www.movepixels.com | d...@movepixels.com | 709.800.0852 > > > > *From:* cake-php@googlegroups.com [mailto:cake-php@googlegroups.com] *On > Behalf Of *Reuben > *Sent:* Thursday, November 28, 2013 12:53 AM > *To:* cake-php@googlegroups.com > *Subject:* Re: Production and Development Environment > > > > I'm assuming that's some sort of Ajax API that you're doing? > > > > You could make your Javascript aware that it's in a development > environment, and pass the Authorization token, as per > http://coderseye.com/2007/how-to-do-http-basic-auth-in-ajax.html. > > > > If you're using jQuery.ajax, you can pass the username and password for > Basic Authentication, but that leaves you a bit open. Also, it only sends > the info when challenged with a 401, so explicit header setting might be > your only option. [ > http://stackoverflow.com/questions/5507234/how-to-use-basic-auth-and-jquery-and-ajax > ] > > > > You could update the programming to only require authentication for > non-ajax requests, but that might be defeating the purposes as well. > > > > Of course, I'm assuming that your application would normally use Form > authorization in production, but you've got the added layer of Basic > authentication in development. > > > > This issue should only happen when calling the API from a different > domain. If the browser that is already authorized, is calling the APIs on > the same domain, then the Authorization token <b>should</b> be sent > automatically. I'm emphasizing that "should", because it would just seem > screwy if it didn't. > > On Thursday, 28 November 2013 09:48:42 UTC+10, advantage+ wrote: > > Building a site on client's server and password protected but now adding > in API functionality and the htaccess is blocking responses back from the > API calls since they can't reach the site. > > > > Is there a simply way to define production / development to allow access > without password protecting the site. > > I do not want to go thru all 65 controllers and re-code $this->Auth->deny() > / allow();. > > > > Thanks > > > > *Dave* > > > > -- > Like Us on FaceBook https://www.facebook.com/CakePHP > Find us on Twitter http://twitter.com/CakePHP > > --- > You received this message because you are subscribed to the Google Groups > "CakePHP" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to cake-php+unsubscr...@googlegroups.com. > > To post to this group, send email to cake-php@googlegroups.com. > Visit this group at http://groups.google.com/group/cake-php. > For more options, visit https://groups.google.com/groups/opt_out. > > -- > Like Us on FaceBook https://www.facebook.com/CakePHP > Find us on Twitter http://twitter.com/CakePHP > > --- > You received this message because you are subscribed to a topic in the > Google Groups "CakePHP" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/cake-php/qY0yLORk4MM/unsubscribe. > To unsubscribe from this group and all its topics, send an email to > cake-php+unsubscr...@googlegroups.com. > To post to this group, send email to cake-php@googlegroups.com. > Visit this group at http://groups.google.com/group/cake-php. > For more options, visit https://groups.google.com/groups/opt_out. > -- Like Us on FaceBook https://www.facebook.com/CakePHP Find us on Twitter http://twitter.com/CakePHP --- You received this message because you are subscribed to the Google Groups "CakePHP" group. To unsubscribe from this group and stop receiving emails from it, send an email to cake-php+unsubscr...@googlegroups.com. To post to this group, send email to cake-php@googlegroups.com. Visit this group at http://groups.google.com/group/cake-php. For more options, visit https://groups.google.com/groups/opt_out.
<<image001.jpg>>
