Really interesting thread guys. I often resort to just disabling SecurityComponent (I know) when I run into the "black hole of death" a few times and can't figure out why. Is there a good way to "debug" SecurityComponent problems so that dealing with specific issues on some forms can be less hit and miss?
For example, I'd like a log or output or something telling me exactly why my post was denied. Was it because jQuery did the submission? Because a field doesn't have a corresponding Model? Because... things like that. I don't intend to hijack the thread but since you both (ionas and AD) seem to have done a fair bit of work on these things I imagine you have some technique you might be willing to share. /Martin On Dec 3, 1:40 pm, AD7six <andydawso...@gmail.com> wrote: > On 2 dic, 17:27, "j0n4s.h4rtm...@googlemail.com" > > <j0n4s.h4rtm...@googlemail.com> wrote: > > A mostly working solution[1][2], that you can see > > here:http://github.com/ionas/sna/blob/master/www/app/app_controller.php#L1... > > > It is based on Teknoids great information at his blog[3][4], combined > > with a helper that triggers a javascript::confirm(), doubleposts are > > essentially not possible due to SecurityComponent. If you really > > require an js-free confirmation, why not add a checkbox to that helper > > that you have to check before clicking (check if it was clicked in the > > helper and before that onSubmit via javascript) > > > [1]http://code.cakephp.org/tickets/view/377 > > [2]http://code.cakephp.org/tickets/view/354 > > [3]http://teknoid.wordpress.com/2008/11/05/make-your-cakephp-forms-a-lot... > > [4]http://teknoid.wordpress.com/2008/11/06/clearing-up-some-confusion-re... > > That's ... a lot of code. You also have to remember/know in the view > if you should or should not use your helper. > > FWIW I prefer for things to be a lot more transparent that that. > Here's an example:http://dl.dropbox.com/u/1027790/csrf-protect-confirm.png > > That's using ajax - but it doesn't have to be (it's not a requirment > or inherant to the technique/solution). > > The 'magic' is > here:http://code.assembla.com/mi/subversion/nodes/branches/mi_plugin/views... > > There's no 'magic' > here:http://code.assembla.com/mi/subversion/nodes/branches/blog/views/entr... > > Anyway, good for the topic to be discussed. > > AD Check out the new CakePHP Questions site http://cakeqs.org and help others with their CakePHP related questions. You received this message because you are subscribed to the Google Groups "CakePHP" group. To post to this group, send email to cake-php@googlegroups.com To unsubscribe from this group, send email to cake-php+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/cake-php?hl=en
