1
我希望打开安全组件。已启用安全组件的CakePHP和Facebook
但是当你在Facebook标签中加载一个CakePHP应用程序时,FB发布了$ _REQUEST ['signed_request']到我的表单 - 问题在于安全组件对这个“post”作出了“反应”并给了我验证错误,黑洞等
我该如何解决这个问题?
我无法找到任何文件来解决这个问题。
我想要的是以某种方式“手动”运行安全组件,以便它只在我实际提交表单时“反应”,而不是在Facebook将$ _REQUEST ['signed_request']发布到我的表单中时。
UPDATE:
<?php
App::uses('CakeEmail', 'Network/Email');
class PagesController extends AppController {
public $helpers = array('Html','Form');
public $components = array('RequestHandler');
public function beforeFilter() {
parent::beforeFilter();
$this->Auth->allow('*');
$this->Security->validatePost = true;
$this->Security->csrfCheck = true;
$this->Security->unlockedFields[] = 'signed_request';
}
public function home() {
$this->loadModel('Memberx');
if($this->request->is('post') && isset($this->request->data['Memberx']['name'])) {
//...save here, etc. ...
}
}
FYI:我得到一个 “黑洞” 的错误。
最后更新(后@ tigrang的答案):
public function beforeFilter() {
parent::beforeFilter();
$this->Auth->allow('*');
$this->set('hasLiked', false);
if(isset($this->request->data['signed_request'])){
$this->set('hasLiked', $this->hasLiked($this->request->data['signed_request']));
}
if(isset($this->request->data['Memberx']['signed_request'])) {
$this->set('hasLiked', $this->hasLiked($this->request->data['Memberx']['signed_request']));
}
/*
To go around Facebook's post $_REQUEST['signed_request'],
we unset the $_REQUEST['signed_request'] and disable the csrfCheck
ONLY after we have set the hasLiked view variable
*/
unset($this->request->data['signed_request']);
if (empty($this->request->data)) {
$this->Security->csrfCheck = false;
}
}
于是,我像做以下我的看法:
<?php
if($hasLiked) {
?>
You have liked this page!
<?php
}
?>
非常感谢!检查$ this-> request-> data是否为空,然后将$ this-> Security-> csrfCheck设置为false解决了我的问题! – wenbert 2012-08-05 23:49:34
@tigrang我有同样的问题..你如何做“//验证请求”部分的功能...? – hemppa 2013-08-20 11:58:39