CakePHP 2 aggressive Security – continued


CakePHP 2.0 has another aggressive security check, which shows up clearly when making an AJAX POST request to an action: it raises a security error that says "Request is blackholed due to auth". The solution for disabling this aggressive validation for that action is to set the security attribute $validatePost to false. property SecurityComponent::$validatePost Set …

CakePHP 2 Aggressive Security


CakePHP has had CSRF protection since 1.2. In 2.0 the existing CSRF protection has a new, more paranoid mode and is its own standalone feature. By default a new CSRF token is generated for each request, and each token can only be used once. If a token is used twice, the request will be blackholed. Sometimes, this …