CakePHP和带安全组件的Facebook已开启

时间:2012-08-05 23:10:30

标签: facebook cakephp cakephp-2.0

我想要打开安全组件。

但是当您在Facebook标签页面中加载CakePHP应用程序时,FB会将$ _REQUEST ['signed_request']发布到我的表单 - 问题是安全组件“对此”帖子做出“反应”并给出验证错误,黑洞等

我该如何解决这个问题?

我在文档上找不到任何解决此问题的方法。

我想要的是以某种方式“手动”运行安全组件,以便它只在我实际提交表单时“反应”,而不是当Facebook将$ _REQUEST ['signed_request']发布到我的表单时。

更新:

<?php
App::uses('CakeEmail', 'Network/Email');

class PagesController extends AppController {
    public $helpers = array('Html','Form');
    public $components = array('RequestHandler');

    public function beforeFilter() {
        parent::beforeFilter();
        $this->Auth->allow('*');

         $this->Security->validatePost = true;
         $this->Security->csrfCheck = true;
         $this->Security->unlockedFields[] = 'signed_request';
    }

    public function home() {
        $this->loadModel('Memberx');
                if($this->request->is('post') && isset($this->request->data['Memberx']['name'])) {
                 //...save here, etc. ...
                }
    }

仅供参考:我收到了“黑洞”错误。

最终更新(在@tigrang的回答之后): 

public function beforeFilter() {
    parent::beforeFilter();
    $this->Auth->allow('*');

    $this->set('hasLiked', false);

    if(isset($this->request->data['signed_request'])){
        $this->set('hasLiked', $this->hasLiked($this->request->data['signed_request']));
    } 

    if(isset($this->request->data['Memberx']['signed_request'])) {
        $this->set('hasLiked', $this->hasLiked($this->request->data['Memberx']['signed_request']));  
    }

    /* 
    To go around Facebook's post $_REQUEST['signed_request'],
    we unset the $_REQUEST['signed_request'] and disable the csrfCheck
    ONLY after we have set the hasLiked view variable
    */
    unset($this->request->data['signed_request']);
    if (empty($this->request->data)) {
       $this->Security->csrfCheck = false;
    }        
}

然后,我在我的观点中做了类似下面的事情:

<?php
if($hasLiked) {
?>
    You have liked this page!
<?php
}
?>

1 个答案:

答案 0 :(得分:2)

public function beforeFilter() {
    parent::beforeFilter();
    $this->Auth->allow('*');
    $this->_validateFbRequest();
}

protected function _valdiateFbRequest() {
   if (!isset($this->request->data['signed_request'])) {
       // not a valid request from fb
       // throw exception or handle however you want
       return;
   }
   $signedRequest = $this->request->data['signed_request'];
   unset($this->request->data['signed_request']);
   if (empty($this->request->data)) {
       $this->Security->csrfCheck = false;
   }
   // validate the request
}
相关问题
最新问题