CakePHP and Facebook with Security Component turne

2019-06-04 01:34发布

站内问答 / 后端开发
444 1 4

I want the Security Component turned on.

BUT when you load a CakePHP app inside a Facebook tab, FB posts $_REQUEST['signed_request'] to my form - the problem with this is that the Security Component "reacts" to this "post" and gives me validation errors, black-hole, etc.

How do I go around this?

I could not find anything on the documentation to go around this problem.

What I wanted was to somehow run the Security Component "manually" so that it only "reacts" when I actually submit my form and not when Facebook posts the $_REQUEST['signed_request'] to my form.

UPDATE:

<?php
App::uses('CakeEmail', 'Network/Email');

class PagesController extends AppController {
    public $helpers = array('Html','Form');
    public $components = array('RequestHandler');

    public function beforeFilter() {
        parent::beforeFilter();
        $this->Auth->allow('*');

         $this->Security->validatePost = true;
         $this->Security->csrfCheck = true;
         $this->Security->unlockedFields[] = 'signed_request';
    }

    public function home() {
        $this->loadModel('Memberx');
                if($this->request->is('post') && isset($this->request->data['Memberx']['name'])) {
                 //...save here, etc. ...
                }
    }

FYI: I get a "black hole" error.

FINAL UPDATE (After @tigrang's answer):

public function beforeFilter() {
    parent::beforeFilter();
    $this->Auth->allow('*');

    $this->set('hasLiked', false);

    if(isset($this->request->data['signed_request'])){
        $this->set('hasLiked', $this->hasLiked($this->request->data['signed_request']));
    } 

    if(isset($this->request->data['Memberx']['signed_request'])) {
        $this->set('hasLiked', $this->hasLiked($this->request->data['Memberx']['signed_request']));  
    }

    /* 
    To go around Facebook's post $_REQUEST['signed_request'],
    we unset the $_REQUEST['signed_request'] and disable the csrfCheck
    ONLY after we have set the hasLiked view variable
    */
    unset($this->request->data['signed_request']);
    if (empty($this->request->data)) {
       $this->Security->csrfCheck = false;
    }        
}

Then, I do something like below in my views:

<?php
if($hasLiked) {
?>
    You have liked this page!
<?php
}
?>

1条回答
beautiful°
2楼-- · 2019-06-04 02:08 
public function beforeFilter() {
    parent::beforeFilter();
    $this->Auth->allow('*');
    $this->_validateFbRequest();
}

protected function _valdiateFbRequest() {
   if (!isset($this->request->data['signed_request'])) {
       // not a valid request from fb
       // throw exception or handle however you want
       return;
   }
   $signedRequest = $this->request->data['signed_request'];
   unset($this->request->data['signed_request']);
   if (empty($this->request->data)) {
       $this->Security->csrfCheck = false;
   }
   // validate the request
}
查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(4)