我想安全组件开启。
但是当你加载Facebook标签内CakePHP的应用程序,FB是$ _REQUEST [“signed_request”]我的形式 - 与此问题是,安全组件“做出反应”这个“后”,给我验证错误,黑色 - 孔等
我怎么去解决这个?
我找不到文档上的任何东西去解决这个问题。
我想要的是莫名其妙地“手动”运行安全组件,以便它唯一的“反应”当我真正提交我的形式,而不是当Facebook帖子的$ _REQUEST [“signed_request”]我的形式。
更新:
<?php
App::uses('CakeEmail', 'Network/Email');
class PagesController extends AppController {
public $helpers = array('Html','Form');
public $components = array('RequestHandler');
public function beforeFilter() {
parent::beforeFilter();
$this->Auth->allow('*');
$this->Security->validatePost = true;
$this->Security->csrfCheck = true;
$this->Security->unlockedFields[] = 'signed_request';
}
public function home() {
$this->loadModel('Memberx');
if($this->request->is('post') && isset($this->request->data['Memberx']['name'])) {
//...save here, etc. ...
}
}
FYI:我得到一个“黑洞”的错误。
最后更新(@ tigrang的回答后):
public function beforeFilter() {
parent::beforeFilter();
$this->Auth->allow('*');
$this->set('hasLiked', false);
if(isset($this->request->data['signed_request'])){
$this->set('hasLiked', $this->hasLiked($this->request->data['signed_request']));
}
if(isset($this->request->data['Memberx']['signed_request'])) {
$this->set('hasLiked', $this->hasLiked($this->request->data['Memberx']['signed_request']));
}
/*
To go around Facebook's post $_REQUEST['signed_request'],
we unset the $_REQUEST['signed_request'] and disable the csrfCheck
ONLY after we have set the hasLiked view variable
*/
unset($this->request->data['signed_request']);
if (empty($this->request->data)) {
$this->Security->csrfCheck = false;
}
}
于是,我像做以下我的看法:
<?php
if($hasLiked) {
?>
You have liked this page!
<?php
}
?>
![Prime Path[POJ3126] [SPFA/BFS]](https://oscimg.oschina.net/oscnet/e1200f32e838bf1d387d671dc8e6894c37d.jpg "Prime Path[POJ3126] [SPFA/BFS]")
