Disabling CSRF on a specific action CakePHP 3

Question

So, I have a table that is auto-generated using DataTables. An action in my CakePHP grabs the data for that table, and formats it into JSON for datatables to use, this is the formatted JSON:

<?php
$data = array();
if (!empty($results)) {
    foreach ($results as $result) {
        $data[] = [
          'name' => $result->name,
          'cad' => $this->Number->currency($result->CAD, 'USD'),
          'usd' => $this->Number->currency($result->USD, 'USD'),
          'edit' => '<a href="' .
            $this->Url->build(['controller' => 'Portfolios', 'action' => 'edit', $result->id]) .
            '"><i class="fa fa-pencil"></i></a>',
          'delete' => '<input type="checkbox" class="delete" value="' . $result->id . '">'
        ];
    }
}

echo json_encode(compact('data'));

As you can see, I have a 'delete' option in there that outputs a checkbox with the value of the id of the corresponding element. When that checkbox is checked, a delete button is showing which sends this ajax request:

$('a#delete').on('click', function(e) {
    e.preventDefault();
    var checkedValues = [];
    $('input.delete:checked').each(function() {
        checkedValues.push($(this).val());
    });
    $.ajax({
        url: $(this).attr('href'),
        type: 'POST',
        data: checkedValues
    });
});

This ajax post goes to my controller action delete(). The problem I'm having is that I'm getting an error that states "Invalid Csrf Token". I know why this is happening, I'm submitting a form with Csrf protection on, that has no Csrf token added to it.

I can't figure out how to manually create a Csrf token for this situation (where the input values are generated after the page has loaded). Nor can I figure out how to disable Csrf protection. I read this, but the code is placed in the beforeFilter function, and as far as I understand it, that means it's run on every action, not just this one, and that's not what I want. Plus, to be completely honest, I would prefer a solution where I don't deactivate security functions.

Is there any way to disable Csrf for this specific action, or is there a better way to do this?

Recommended answer

Read all about the CSRF component here:

http://book.cakephp.org/3.0/en/controllers/components/csrf.html

You can disable it for a specific action here:

http://book.cakephp.org/3.0/en/controllers/components/csrf.html#disabling-the-csrf-component-for-specific-actions

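// Requires `use Cake\Event\Event;` at the top of the controller file.
public function beforeFilter(Event $event) {
    // Detach the Csrf component's listeners only for the listed actions;
    // every other action keeps CSRF validation.
    if (in_array($this->request->action, ['actions_you want to disable'])) {
        $this->eventManager()->off($this->Csrf);
    }
}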
