小贝子编程

启用了安全组件的CakePHP和Facebook



我想打开安全组件。

但是,当你在Facebook选项卡中加载CakePHP应用程序时,FB会在我的表单中发布$_REQUEST['signed_REQUEST']-问题是安全组件对这个"帖子"做出"反应",并给我验证错误、黑洞等。

我该如何绕过这个?

我在文档中找不到任何关于这个问题的内容。

我想要的是以某种方式"手动"运行安全组件,这样它只在我实际提交表单时"做出反应",而不是在Facebook向我的表单发布$_REQUEST[已签名请求]时。

更新:

<?php
App::uses('CakeEmail', 'Network/Email');
class PagesController extends AppController {
    public $helpers = array('Html','Form');
    public $components = array('RequestHandler');
    public function beforeFilter() {
        parent::beforeFilter();
        $this->Auth->allow('*');
         $this->Security->validatePost = true;
         $this->Security->csrfCheck = true;
         $this->Security->unlockedFields[] = 'signed_request';
    }
    public function home() {
        $this->loadModel('Memberx');
                if($this->request->is('post') && isset($this->request->data['Memberx']['name'])) {
                 //...save here, etc. ...
                }
    }

仅供参考:我得到一个"黑洞"错误

最终更新(在@tigrang的回答之后):

public function beforeFilter() {
    parent::beforeFilter();
    $this->Auth->allow('*');
    $this->set('hasLiked', false);
    if(isset($this->request->data['signed_request'])){
        $this->set('hasLiked', $this->hasLiked($this->request->data['signed_request']));
    } 
    if(isset($this->request->data['Memberx']['signed_request'])) {
        $this->set('hasLiked', $this->hasLiked($this->request->data['Memberx']['signed_request']));  
    }
    /* 
    To go around Facebook's post $_REQUEST['signed_request'],
    we unset the $_REQUEST['signed_request'] and disable the csrfCheck
    ONLY after we have set the hasLiked view variable
    */
    unset($this->request->data['signed_request']);
    if (empty($this->request->data)) {
       $this->Security->csrfCheck = false;
    }        
}

然后,我在我的观点中做了如下的事情:

<?php
if($hasLiked) {
?>
    You have liked this page!
<?php
}
?>

public function beforeFilter() {
    parent::beforeFilter();
    $this->Auth->allow('*');
    $this->_validateFbRequest();
}
protected function _valdiateFbRequest() {
   if (!isset($this->request->data['signed_request'])) {
       // not a valid request from fb
       // throw exception or handle however you want
       return;
   }
   $signedRequest = $this->request->data['signed_request'];
   unset($this->request->data['signed_request']);
   if (empty($this->request->data)) {
       $this->Security->csrfCheck = false;
   }
   // validate the request
}

相关内容

最新更新


热门标签:

javascript python java c# php android html jquery c++ css ios sql mysql arrays asp.net json python-3.x ruby-on-rails .net sql-server django objective-c excel regex ruby linux ajax iphone xml vba spring asp.net-mvc database wordpress string postgresql wpf windows xcode bash git oracle list vb.net multithreading eclipse algorithm macos powershell visual-studio image forms numpy scala function api selenium