CakePHP ajax post keeps returning 400 Bad Request

前端 未结 4 607
北海茫月
北海茫月 2021-02-09 19:41

I am tring to use an ajax post to an action. GET requests work fine but when I try to POST I see a \'400 Bad Request\' in firebug and the view return a \'Black hole\' response.<

4条回答
  •  时光取名叫无心
    2021-02-09 20:06

    Protection against form tampering is one of the basic features provided by the Security Component. As long as it is enabled, it is going to treat all POSTs as form submissions.

    A regular hand-coded HTML form won't work with the Security Component enabled, so neither will a JQuery-generated POST. You can, of course, use $this->Security->validatePost = false; or $this->Security->csrfCheck = false; but then you loose the protection that the Security Component provides.

    To keep the Security Component on and working as normal, you need to use the CakePHP Form Helper to create the form you're going to post via ajax. This way the data[_Token][fields] and data[_Token][unlocked] hidden fields get generated with their keys:

    Form->create('Test',array('id'=>'testform'));
        echo $this->Form->input('Something');
        echo $this->Form->submit();
        echo $this->Form->end();
    ?> 
    

    This will generate something like this:

    Now it's just a matter of serializing this form in JQuery so that it can be sent with the ajax POST:

        $('#testform').submit(function(event) {
            $.ajax({
                type: 'POST',
                url: "/your/url",
                data: $('#testform').serialize(),
                success: function(data){ 
                    alert('Wow this actually worked');
                },
                error:function() {
                    alert('This will never work');
                }
            });
            event.preventDefault(); // Stops form being submitted in traditional way
        });
    

    Now if you press the submit button, the POST will succeed.

    IMPORTANT: Due to the fact that the Form Helper's Tokens can only be used with the Security Component once, this solution only works if you only intend to POST once per page generation. If you need to be able to post the same form several times between page reloads then you'll need to do the following when you add the Security Component at the beginning of your Controller:

    public $components = array(
        'Security' => array(
            'csrfUseOnce' => false
        )
    );
    

    ...this will allow the tokens to be used for more than one request. It's not as secure but you can combine it with csrfExpires so that the tokens will expire eventually. This is all documented in the CSRF configuration section of the Cake book.

提交回复
热议问题