CakePHP GET动作正常,POST动作不起作用

时间:2014-05-22 21:15:57

标签: cakephp-2.0

我有一个ordercontroller,其中定义了以下操作:

class OrdersController extends AppController {
  public $helpers = array('Html', 'Form', 'PhpExcel');

  public function payment_pb () {
    $this->log('Test the debug functionality with cakelog', 'debug');
  }

  public function beforeFilter() {
    parent::beforeFilter();
    $this->Auth->allow('*');

    if ($this->action == 'payment_pb') {
      $this->log($this->request->method(), 'debug');
      $this->log($this->request, 'debug');
    }
  }
}

如果我执行GET请求,我会得到以下输出:

  

[datetime] Debug:GET

     

[datetime]调试:CakeRequest对象([params] => ...,...)

     

[datetime] Debug:使用cakelog

测试调试功能

一切都很好,我得到了正确的调试输出。如果我尝试POST请求,我会得到以下输出:

  

[datetime]调试:POST

     

[datetime]调试:CakeRequest对象([params] => ...,...)

所以它就像" payment_pb"如果我通过POST请求转到它,我的控制器中永远不会到达它,尽管它必须通过正确的功能才能完成正确的操作。

我是否必须为我的routhings做一些特别的工作?我需要具体考虑哪些配置?

编辑:安全组件问题

我将添加我为安全组件编写的代码,问题在这部分代码中存在:

class AppController extends Controller {
  public $helpers = array('Html');
  public $components = array(
    'Security',
    'Session',
    'Acl',
    'Auth' => array(
      'authorize' => array(
        'Actions' => array('actionPath' => 'controllers')
      ),
      'loginAction' => array(
        'controller' => 'users' ,
        'action' => 'create' ,
      ) ,
      'logoutAction' => array(
        'controller' => 'users' ,
        'action' => 'logout' ,
      ),
      'authError' => 'You don't have sufficient permissions to enter this page',
    ),
  );

  function beforeFilter() {
    $this->_setupSecurity();
  }

  function _setupSecurity() {
    $this->Security->blackHoleCallback = '_badRequest';
    if (Configure::read('forceSSL')) {
      $this->Security->requireSecure('*');
    }
  }

  function _badRequest($type) {
    if (Configure::read('forceSSL') && !$this->request->is('ssl')) {
      $this->_forceSSL();
    }
    exit;
  }

  function _forceSSL() {
    $this->redirect('https://' . env('SERVER_NAME') . $this->here);
    exit;
  }
}

我的core.php文件:

Configure::write('forceSSL', true); // OR Configure::write('forceSSL', false); WHEN on my testserver.

1 个答案:

答案 0 :(得分:1)

您的服务器上有SSL吗? SSL配置错误可能会导致这种情况。我以前经历过这个。

编辑:建议您进行SSL设置 

public function beforeFilter() {
   if(Configure::read('forceSSL')){
      if(!$this->request->is('ajax')){ //just add this so that there will be no conflicts in your ajax calls regarding SSL
          $secured_pages=array("login", "add"); //just add here the actions you need to be secured

          if((!in_array($this->action, $secured_pages) && env('HTTPS')){
             $this->unforceSSL();
          }

          if(in_array($this->action, $secured_pages) && !env('HTTPS')) {
             $this->forceSSL();
          }
      }
   }
 }

public function unforceSSL() {
   return $this->redirect('http://' . env('SERVER_NAME') . $this->here);
}

public function forceSSL() {
   return $this->redirect('https://' . env('SERVER_NAME') . $this->here);
}

通过这种方式,它将变得更加容易,您只能指定受保护的页面。它会更有效率。您可以删除安全组件。我尝试过使用安全组件一次,但它对我的项目来说不够通用。所以我做了这个。

相关问题
最新问题