| # |
Aug 8th 2008, 13:10 |
lqdice__ |
this security component is too secure.. there is no easy to way to debug it |
| # |
Aug 8th 2008, 13:08 |
lqdice__ |
just saved me a few lines of code |
| # |
Aug 8th 2008, 13:08 |
lqdice__ |
) |
| # |
Aug 8th 2008, 13:08 |
lqdice__ |
oh ok |
| # |
Aug 8th 2008, 13:07 |
TommyO |
lqdice__: startup() in a component will only run if component is enabled |
| # |
Aug 8th 2008, 13:07 |
lqdice__ |
oh the component class lets you disable them? cause I didnt see anything in the actual security class |
| # |
Aug 8th 2008, 13:07 |
TommyO |
lqdice__: check the Component class |
| # |
Aug 8th 2008, 13:07 |
TommyO |
lqdice__: $this->Security->enabled = false; in beforeFilter() or something like that |
| # |
Aug 8th 2008, 13:05 |
lqdice__ |
thats the only way i see right now |
| # |
Aug 8th 2008, 13:05 |
lqdice__ |
i might just have to make it so i can force the security component not to load for some actions |
| # |
Aug 8th 2008, 13:05 |
lqdice__ |
yeah doesnt recognize it |
| # |
Aug 8th 2008, 13:04 |
lqdice__ |
swfupload afaik just does a regular post to that url so it may not detect it as ajax |
| # |
Aug 8th 2008, 13:03 |
lqdice__ |
the security component kicks in and says my request is bad |
| # |
Aug 8th 2008, 13:03 |
lqdice__ |
its not working |
| # |
Aug 8th 2008, 13:01 |
TommyO |
it doesn't force ajax, it recognizes it |
| # |
Aug 8th 2008, 13:01 |
TommyO |
I think that you're prematurely optimizing |
| # |
Aug 8th 2008, 13:01 |
lqdice__ |
just 1 action |
| # |
Aug 8th 2008, 13:01 |
lqdice__ |
TommyO: i dont want it to load w/ every action |
| # |
Aug 8th 2008, 13:00 |
TommyO |
lqdice__: why? add it to the controller's $components array |
| # |
Aug 8th 2008, 13:00 |
lqdice__ |
TommyO: i dont know if swfupload really sends it as "ajax" per-se.. its posting to it .. ill try it htough |
| # |
Aug 8th 2008, 13:00 |
lqdice__ |
can it be loaded dynamically like this: App::import('Component', 'RequestHandling'); ? |
| # |
Aug 8th 2008, 12:59 |
TommyO |
lqdice__: read up on it. it's an integral part of cake's ajax support |
| # |
Aug 8th 2008, 12:59 |
lqdice__ |
will it then not mess w/ the security ? |
| # |
Aug 8th 2008, 12:59 |
TommyO |
it allows cake to recognize Ajax requests. does some magic for you. and I believe it protects the session too |
| # |
Aug 8th 2008, 12:58 |
TommyO |
err...RequestHandler I mean |
| # |
Aug 8th 2008, 12:58 |
lqdice__ |
whats that |
| # |
Aug 8th 2008, 12:57 |
lqdice__ |
no |
| # |
Aug 8th 2008, 12:57 |
TommyO |
lqdice__: does the controller that has /upload have the RequestActionComponent loaded? |
| # |
Aug 8th 2008, 12:54 |
lqdice__ |
well my /upload form gets blackholed because its being called in a weird way from flash so that unsets the token key |
| # |
Aug 8th 2008, 12:52 |
lqdice__ |
teknoid: basically security populates a session['token']['key'] everytime a user goes to a form.. then when a form is submitted.. it will remove it from the session and check it against the data that the user submitted... but because swfupload calls from /add to /upload through ajax, then submits /add.. by the time the last action is executed, the token is no longer there |
| # |
Aug 8th 2008, 12:51 |
teknoid |
lqdice__: why would it remove something from your session? do the sessions match? |
| # |
Aug 8th 2008, 12:50 |
lqdice__ |
so it doesnt unset the session token |
| # |
Aug 8th 2008, 12:50 |
lqdice__ |
i basically need /upload not to use security |
| # |
Aug 8th 2008, 12:49 |
lqdice__ |
swfupload sends the file to /upload .. i got /upload to load the session etc.. fine but then the security component removes the token key from my session.. then swfupload submits my form and the page that it submits to is expecting the token key which upload disabled |
| # |
Aug 8th 2008, 12:48 |
teknoid |
lqdice__: no, what exactly happens? |
| # |
Aug 8th 2008, 12:48 |
lqdice__ |
using swfupload and its not playing nice |
| # |
Aug 8th 2008, 12:47 |
lqdice__ |
teknoid: you know any way to complete disable the security component from a certain action? |
| # |
Aug 8th 2008, 12:42 |
polerin |
though I think that cake really needs to look at making them bianary, rather than char's |
| # |
Aug 8th 2008, 12:42 |
teknoid |
np |
| # |
Aug 8th 2008, 12:42 |
polerin |
UUID's are win |
| # |
Aug 8th 2008, 12:42 |
linked_ |
teknoid: yeah, im working on a full-blown resource scheduling app, which have plans to eventually expand with accounting system i guess i'll have to explore this uuid. thanks for the input. |