Benjamin Allison

Reputation: 2154

Get CSRF error when trying to delete one model from another in CakePHP

So in the index for one model, I have a list of associated models. In the list I include the delete postlink.

However, it seems that using the delete postlink to delete one model when in a view belonging to another throws a CSRF error.

This might just be the way Cake's Security component works, but is there any way around this (without compromising the security measures)?

Edit: Adding code.

Post link in a view (in this case, the index view for my Exercise model):

echo $this->Form->postLink('Delete', array('controller' => 'folders', 'action' => 'delete', $key), array('class' => 'delete', 'confirm' => 'Are you sure? This will also delete all associated exercises.'));

The Delete action in the Folder controller:

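public function delete($id) {
    // Reject GET requests so a delete cannot be triggered by a plain link.
    if ($this->request->is('get')) {
        throw new MethodNotAllowedException();
    }
    // Pass the id explicitly: Model::delete() without an argument only works
    // when $this->Folder->id has already been set.
    if ($this->Folder->delete($id)) {
        $this->Session->setFlash('Folder '.$id.' has been deleted.', 'default', array('class' => 'success'));
        $this->redirect(array('controller' => 'exercises', 'action' => 'index'));
    }
}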

Upvotes: 1

Views: 160

Answers (1)

thaJeztah

Reputation: 29147

The CakePHP Security Component allows you to specify which Controllers and/or actions are allowed to send requests to your action.

Read this part of the documentation: Restricting cross controller communication

Upvotes: 1
