2012-08-05 45 views
1

我希望打開安全組件。已啓用安全組件的CakePHP和Facebook

但是當你在Facebook標籤中加載一個CakePHP應用程序時,FB發佈了$ _REQUEST ['signed_request']到我的表單 - 問題在於安全組件對這個「post」作出了「反應」並給了我驗證錯誤,黑洞等

我該如何解決這個問題?

我無法找到任何文件來解決這個問題。

我想要的是以某種方式「手動」運行安全組件,以便它只在我實際提交表單時「反應」,而不是在Facebook將$ _REQUEST ['signed_request']發佈到我的表單中時。

UPDATE:

<?php 
App::uses('CakeEmail', 'Network/Email'); 

class PagesController extends AppController { 
    public $helpers = array('Html','Form'); 
    public $components = array('RequestHandler'); 

    public function beforeFilter() { 
     parent::beforeFilter(); 
     $this->Auth->allow('*'); 

     $this->Security->validatePost = true; 
     $this->Security->csrfCheck = true; 
     $this->Security->unlockedFields[] = 'signed_request'; 
    } 

    public function home() { 
     $this->loadModel('Memberx'); 
       if($this->request->is('post') && isset($this->request->data['Memberx']['name'])) { 
       //...save here, etc. ... 
       } 
    } 

FYI:我得到一個 「黑洞」 的錯誤。

最後更新(後@ tigrang的答案):

public function beforeFilter() { 
    parent::beforeFilter(); 
    $this->Auth->allow('*'); 

    $this->set('hasLiked', false); 

    if(isset($this->request->data['signed_request'])){ 
     $this->set('hasLiked', $this->hasLiked($this->request->data['signed_request'])); 
    } 

    if(isset($this->request->data['Memberx']['signed_request'])) { 
     $this->set('hasLiked', $this->hasLiked($this->request->data['Memberx']['signed_request'])); 
    } 

    /* 
    To go around Facebook's post $_REQUEST['signed_request'], 
    we unset the $_REQUEST['signed_request'] and disable the csrfCheck 
    ONLY after we have set the hasLiked view variable 
    */ 
    unset($this->request->data['signed_request']); 
    if (empty($this->request->data)) { 
     $this->Security->csrfCheck = false; 
    }   
} 

於是,我像做以下我的看法:

<?php 
if($hasLiked) { 
?> 
    You have liked this page! 
<?php 
} 
?> 

回答

2
public function beforeFilter() { 
    parent::beforeFilter(); 
    $this->Auth->allow('*'); 
    $this->_validateFbRequest(); 
} 

protected function _valdiateFbRequest() { 
    if (!isset($this->request->data['signed_request'])) { 
     // not a valid request from fb 
     // throw exception or handle however you want 
     return; 
    } 
    $signedRequest = $this->request->data['signed_request']; 
    unset($this->request->data['signed_request']); 
    if (empty($this->request->data)) { 
     $this->Security->csrfCheck = false; 
    } 
    // validate the request 
} 
+0

非常感謝!檢查$ this-> request-> data是否爲空,然後將$ this-> Security-> csrfCheck設置爲false解決了我的問題! – wenbert 2012-08-05 23:49:34

+0

@tigrang我有同樣的問題..你如何做「//驗證請求」部分的功能...? – hemppa 2013-08-20 11:58:39