Re: Security and Ajax

Because the keys are 'use once', so when submitted by ajax become invalid. See this page for a solution: http://book.cakephp.org/2.0/en/core-libraries/components/security-component.html#SecurityComponent::$csrfUseOnce

Jeremy Burns

Class Outfit

http://www.classoutfit.com

On 8 Aug 2013, at 20:53, "Advantage+" <movepixels@gmail.com> wrote:

I know forms submitted via ajax that the security component does not work. (Checking for edits / tampering)

 

What is the reason for this? I understand if you add fields dynamically why it would not work because of the hashed fields when the form is rendered.

 

But if you are simply sending a form as coded $this->Form as standard procedure, no edits or fields added why would it not act the same?

The exact data is being sent as if it was submitted http. No?

 

Just curious.

 

Thanks,

 

Dave

 

-- 
Like Us on FaceBook https://www.facebook.com/CakePHP
Find us on Twitter http://twitter.com/CakePHP
 
--- 
You received this message because you are subscribed to the Google Groups "CakePHP" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cake-php+unsubscribe@googlegroups.com.
To post to this group, send email to cake-php@googlegroups.com.
Visit this group at http://groups.google.com/group/cake-php.
For more options, visit https://groups.google.com/groups/opt_out.