udaya

Reputation: 9778

How to enable Security(CSRF) alone in Cake 2.0

I am trying to enable CSRF security in CakePHP 2.0.

I have included the Security component in my controller.

public $components = array( 'Security');

I want to enable this component for only one function, say function test.

Other functions must be free of Security.

I have tried to do it like this:

$this->Security->requireSecure('test');

I have provided it like this as I want to enable security in the test function alone.

In CakePHP 3.0 I found an option for enabling CSRF alone. But I need the solution for CakePHP 2.0.

I don't need any of the other security checks: validatePost, requirePost, requireDelete, etc.

Awaiting feedback. Thanks in advance.

Upvotes: 0

Views: 614

Answers (1)

Stanimir Dimitrov

Reputation: 1890

CSRF should be enabled in every action/form by default, and disabled for any action you want, not the other way around.

public $components = array('Security');

// Actions for which the SecurityComponent checks are switched off
private $disabledCSRFForActions = array("test");

public function beforeFilter() {
    parent::beforeFilter();

    // Turn the checks off only when the current action is in the list above
    if (isset($this->Security) && in_array($this->action, $this->disabledCSRFForActions)) {
        $this->Security->validatePost = false;
        $this->Security->enabled = false;
        $this->Security->csrfCheck = false;
    }
}

Upvotes: 1
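
The following is an added example, not part of the answer above: it shows the direction the question asks for, where only the listed actions get the CSRF token check and form-tampering validation (`validatePost`) is off, using the same `csrfCheck` and `validatePost` properties the answer sets. It assumes CakePHP 2.x; the controller name, the `$_csrfActions` list and the `blackhole()` handler are hypothetical, and note that `requireSecure()` from the question enforces SSL, not CSRF tokens.

```php
<?php
// Added example, not from the answer. Assumes CakePHP 2.x; the controller
// name, $_csrfActions and the blackhole() handler are hypothetical.
App::uses('AppController', 'Controller');
App::uses('CakeLog', 'Log');

class ExamplesController extends AppController {

    public $components = array('Security');

    // Actions whose POST/PUT requests must carry a valid CSRF token.
    protected $_csrfActions = array('test');

    public function beforeFilter() {
        parent::beforeFilter();

        // Form-tampering validation is separate from the CSRF check: off everywhere.
        $this->Security->validatePost = false;

        // SecurityComponent::startup() runs after beforeFilter(), so this flag
        // decides whether the current request's token is validated.
        $action = $this->request->params['action'];
        $this->Security->csrfCheck = in_array($action, $this->_csrfActions, true);

        // Send failures to one handler so they are logged and answered uniformly.
        $this->Security->blackHoleCallback = 'blackhole';
    }

    // Called by the component with the failure type, for example 'csrf'.
    public function blackhole($type) {
        CakeLog::write('warning', sprintf(
            'Security blackhole (%s) on %s from %s',
            $type, $this->request->here, $this->request->clientIp()
        ));
        throw new BadRequestException('The request was rejected.');
    }

    public function test() {
        // The view must build its form with $this->Form->create() so the
        // token field is emitted; a POST reaches this point only if it matched.
        if ($this->request->is('post')) {
            $this->set('saved', true);
        }
    }
}
```

Every state-changing action left out of `$_csrfActions` accepts cross-site POSTs, which is why the answer recommends keeping the check on by default and listing exemptions instead.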
