Reputation: 1359
cakephp 2.6 security request black-holed from another view
i red a lot about black holed requests in cakephp but i didn't found a working solution for my problem.
In my application i am using the login form in several places, so i created a reusable element. like:
echo $this->Form->create('User', array('class' => 'form-horizontal', 'role' => 'form', 'url' => array('controller' => 'users', 'action' => 'login')));
echo $this->Form->input('email', array('label' => false, 'class' => 'form-control'));
echo $this->Form->input('password', array('label' => false, 'class' => 'form-control'));
echo $this->Form->end();
(Note: url to controller and action in form)
If i click the form's send button in foo.com/users/login i got redirected to users/view in success or back to users/login in failure. After that i press the browsers page return button to get back to the form and again click the send button all works fine and the login is checked again. But if i do the same in for example foo.com/pages/home i get a request black-holed exception in the second continues (the first works fine).
If i deactivate the security component all works fine, but this is not what i want.
How can i prevent this?
I also recognized that the securtiy component is by default not available? Is this true?
Thanks for helping.
Upvotes: 1
Views: 150
Answers (1)
Reputation: 805
Security component prevents user from re hitting the form. When user press back button you can re-validate a page using
$this->response->disableCache();
Upvotes: 2
Related Questions
- cakePHP security
- How do I fix the error "Did you really think you are allowed to see that"
- The request has been black-holed - CakePHP
- The request has been black-holed
- Auth not working in view
- CakePHP Blackhole Security Error
- CakePHP 2.4 ignoring view
- CakePHP security component is blackholing local client's call
- security component issue in cakephp
- CakePHP Security Issue