
CakePHP blackholing search after using back button

I'm having a problem with SecurityComponent in my CakePHP 2.4 app:

I have a form which is hooked up to the CakeDC Search plugin to filter the results on my index action. The problem is that SecurityComponent does exactly what it's supposed to do and protects against a form being submitted twice: if a user searches, goes back, and searches again, it throws a CSRF error because the token has already been used.

I've tried one solution for this, which involves disabling SecurityComponent on my index action with this code in beforeFilter:

    public function beforeFilter() {
        parent::beforeFilter();
        if ($this->request->action == 'index') {
            $this->Components->disable('Security');
        }
    }

This protects users against a blackhole error; however, it also means that my delete links no longer work, because the delete action expects a token from a page with Security enabled, and for obvious reasons I don't want to disable Security on delete.

How can I avoid blackholes when users search after using the back button, while still keeping SecurityComponent running so my delete links work?

Read the documentation about CSRF.

SecurityComponent::$csrfUseOnce: Controls whether or not CSRF tokens are single use. Set to false to not generate new tokens on each request. One token will be reused until it expires. This reduces the chances of users getting invalid requests because of token consumption. It has the side effect of making CSRF less secure, as tokens are reusable.

Re-using the token should solve the problem.
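The controller below is an added example, not code from the question or the answer. It shows the answer's setting (csrfUseOnce = false, with a short csrfExpires to limit how long a reused token stays valid) next to an alternative that keeps single-use tokens and instead lists only the idempotent search action in unlockedActions (a SecurityComponent property available since CakePHP 2.3), so the component stays enabled, a fresh _Token is still generated for the index view, and postLink() delete links keep working. The PostsController/Post names, the presetVars definition, the blackhole() callback, and the assumption that the Post model uses the Search plugin's Searchable behavior with matching filterArgs are all placeholders for illustration.

```php
<?php
// App/Controller/PostsController.php (added example, not from the original page).
// Assumes CakePHP 2.4, the CakeDC Search plugin loaded as 'Search', a Post model
// with $actsAs = array('Search.Searchable') and filterArgs for 'title', and a
// baked delete action reached through FormHelper::postLink().
App::uses('AppController', 'Controller');

class PostsController extends AppController {

	public $components = array('Security', 'Search.Prg');

	// Filter fields the Prg component carries from the POSTed form into the GET URL.
	public $presetVars = array(
		'title' => array('type' => 'value'),
	);

	public function beforeFilter() {
		parent::beforeFilter();

		// Option A (what the answer recommends): reuse one CSRF token until it
		// expires instead of rotating it on every request. Searching, pressing
		// back, and searching again now reuses a still-valid token. The cost is
		// that a leaked token is usable for the whole window, so keep it short.
		$this->Security->csrfUseOnce = false;
		$this->Security->csrfExpires = '+15 minutes';

		// Option B (alternative; unlockedActions exists since CakePHP 2.3): keep
		// single-use tokens everywhere, but skip form/CSRF validation only for the
		// search action. The component is not disabled, so the index view still
		// receives a _Token and the delete links it renders stay valid.
		// Use one option or the other, not both.
		// $this->Security->unlockedActions = array('index');

		// Send blackholed requests to a controller method instead of the generic
		// 400 page, so a stale search token can be handled gracefully.
		$this->Security->blackHoleCallback = 'blackhole';
	}

	public function index() {
		// Prg turns the POSTed search form into a redirect to a GET URL (the PRG
		// pattern), so reloading or navigating back to the results never
		// resubmits the form itself.
		$this->Prg->commonProcess();
		$this->paginate = array(
			'conditions' => $this->Post->parseCriteria($this->Prg->parsedParams()),
		);
		$this->set('posts', $this->paginate());
	}

	public function delete($id = null) {
		// Still fully protected: SecurityComponent validates the _Token before
		// this runs, and the request must be POST or DELETE.
		$this->request->onlyAllow('post', 'delete');
		$this->Post->id = $id;
		if (!$this->Post->exists()) {
			throw new NotFoundException(__('Invalid post'));
		}
		if ($this->Post->delete()) {
			$this->Session->setFlash(__('The post has been deleted.'));
		} else {
			$this->Session->setFlash(__('The post could not be deleted.'));
		}
		return $this->redirect(array('action' => 'index'));
	}

	public function blackhole($type) {
		// $type is one of 'csrf', 'auth', 'secure', 'get', 'post', 'put', 'delete'.
		// An expired token on the search form is a usability problem, not an
		// attack: send the user back to a fresh form. Anything else is rejected.
		if ($type === 'csrf' && $this->request->action === 'index') {
			$this->Session->setFlash(__('Your search form had expired, please try again.'));
			return $this->redirect(array('action' => 'index'));
		}
		throw new BadRequestException(__('The request has been black-holed'));
	}
}
```

With option A the delete links work because the same token is still valid on the next request; with option B they work because index is skipped only for validation, not for token generation. Disabling the whole component for index, as in the question, stops token generation on that page, which is exactly why its delete links broke.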
