1
我希望打開安全組件。已啓用安全組件的CakePHP和Facebook
但是當你在Facebook標籤中加載一個CakePHP應用程序時,FB發佈了$ _REQUEST ['signed_request']到我的表單 - 問題在於安全組件對這個「post」作出了「反應」並給了我驗證錯誤,黑洞等
我該如何解決這個問題?
我無法找到任何文件來解決這個問題。
我想要的是以某種方式「手動」運行安全組件,以便它只在我實際提交表單時「反應」,而不是在Facebook將$ _REQUEST ['signed_request']發佈到我的表單中時。
UPDATE:
<?php
App::uses('CakeEmail', 'Network/Email');
class PagesController extends AppController {
public $helpers = array('Html','Form');
public $components = array('RequestHandler');
public function beforeFilter() {
parent::beforeFilter();
$this->Auth->allow('*');
$this->Security->validatePost = true;
$this->Security->csrfCheck = true;
$this->Security->unlockedFields[] = 'signed_request';
}
public function home() {
$this->loadModel('Memberx');
if($this->request->is('post') && isset($this->request->data['Memberx']['name'])) {
//...save here, etc. ...
}
}
FYI:我得到一個 「黑洞」 的錯誤。
最後更新(後@ tigrang的答案):
public function beforeFilter() {
parent::beforeFilter();
$this->Auth->allow('*');
$this->set('hasLiked', false);
if(isset($this->request->data['signed_request'])){
$this->set('hasLiked', $this->hasLiked($this->request->data['signed_request']));
}
if(isset($this->request->data['Memberx']['signed_request'])) {
$this->set('hasLiked', $this->hasLiked($this->request->data['Memberx']['signed_request']));
}
/*
To go around Facebook's post $_REQUEST['signed_request'],
we unset the $_REQUEST['signed_request'] and disable the csrfCheck
ONLY after we have set the hasLiked view variable
*/
unset($this->request->data['signed_request']);
if (empty($this->request->data)) {
$this->Security->csrfCheck = false;
}
}
於是,我像做以下我的看法:
<?php
if($hasLiked) {
?>
You have liked this page!
<?php
}
?>
非常感謝!檢查$ this-> request-> data是否爲空,然後將$ this-> Security-> csrfCheck設置爲false解決了我的問題! – wenbert 2012-08-05 23:49:34
@tigrang我有同樣的問題..你如何做「//驗證請求」部分的功能...? – hemppa 2013-08-20 11:58:39