1

我想要打开安全组件。

但是,当您在 Facebook 选项卡中加载 CakePHP 应用程序时,FB 会将 $_REQUEST['signed_request'] 发布到我的表单 - 问题是安全组件对这个“帖子”“做出反应”并给我验证错误,黑色 -孔等

我该如何解决这个问题?

我在文档中找不到任何内容来解决这个问题。

我想要的是以某种方式“手动”运行安全组件,以便它仅在我实际提交表单时“做出反应”,而不是当 Facebook 将 $_REQUEST['signed_request'] 发布到我的表单时。

更新:

<?php
App::uses('CakeEmail', 'Network/Email');

class PagesController extends AppController {
    public $helpers = array('Html','Form');
    public $components = array('RequestHandler');

    public function beforeFilter() {
        parent::beforeFilter();
        $this->Auth->allow('*');

         $this->Security->validatePost = true;
         $this->Security->csrfCheck = true;
         $this->Security->unlockedFields[] = 'signed_request';
    }

    public function home() {
        $this->loadModel('Memberx');
                if($this->request->is('post') && isset($this->request->data['Memberx']['name'])) {
                 //...save here, etc. ...
                }
    }

仅供参考:我收到“黑洞”错误。

最终更新(在@tigrang的回答之后):

public function beforeFilter() {
    parent::beforeFilter();
    $this->Auth->allow('*');

    $this->set('hasLiked', false);

    if(isset($this->request->data['signed_request'])){
        $this->set('hasLiked', $this->hasLiked($this->request->data['signed_request']));
    } 

    if(isset($this->request->data['Memberx']['signed_request'])) {
        $this->set('hasLiked', $this->hasLiked($this->request->data['Memberx']['signed_request']));  
    }

    /* 
    To go around Facebook's post $_REQUEST['signed_request'],
    we unset the $_REQUEST['signed_request'] and disable the csrfCheck
    ONLY after we have set the hasLiked view variable
    */
    unset($this->request->data['signed_request']);
    if (empty($this->request->data)) {
       $this->Security->csrfCheck = false;
    }        
}

然后,我在我的观点中做了如下的事情:

<?php
if($hasLiked) {
?>
    You have liked this page!
<?php
}
?>
4

1 回答 1

2 
public function beforeFilter() {
    parent::beforeFilter();
    $this->Auth->allow('*');
    $this->_validateFbRequest();
}

protected function _valdiateFbRequest() {
   if (!isset($this->request->data['signed_request'])) {
       // not a valid request from fb
       // throw exception or handle however you want
       return;
   }
   $signedRequest = $this->request->data['signed_request'];
   unset($this->request->data['signed_request']);
   if (empty($this->request->data)) {
       $this->Security->csrfCheck = false;
   }
   // validate the request
}
于 2012-08-05T23:23:47.453 回答