security still requires these tokens when you post.
the solution recreate a token before post.
in you’re view,
after you’re form->create
<?php echo $this->Form->input('typeaction', array('label' => false, 'div' => false)); ?>
and
<div id="tosubmitform" style="display:none"></div>
and you’re ajax function:
$("#MyIndexTypeaction").val(myurltopost);
$.ajax
({
url: "<?php echo $this->Html->url(array('action' => 'ajax_getFormToken', 'mymodelname')); ?>" ,
async: false,
type: 'POST',
data: $('#MyIndexForm').serialize(),
success:function(data)
{
$("#tosubmitform").html(data);
$("#ajax_getFormTokenForm").submit();
$("#tosubmitform").html('');
}
});
in appController.php
function ajax_getFormToken($modelClass){
if ( ! $this->request->is('post')) {
throw new UnauthorizedException();
}
$url = str_replace(Router::fullBaseUrl(), '', $this->request->data[$modelClass]['typeaction']);
if ( $this->request->webroot != '/' ) {
$url = str_replace($this->request->webroot, '', $url);
}
$url = Router::parse($url);
if ( count( $url['pass'])) {
$url += $url['pass'];
unset($url['pass']);
}
unset($this->request->data[$modelClass]['typeaction']);
$data = Hash::flatten($this->request->data);
$fields = array_keys($data);
$this->set(compact('modelClass', 'fields', 'url'));
$this->render('/Elements/formtoken', 'ajax');
}
in formtoken.ctp
<?php echo $this->Form->create(false, array(
'url' => $url,
'inputDefaults' => array(
'legend' => false,
'label' => false,
'div' => false,
'default' => false,
'id' => 'ajax_getFormTokenForm'
))
);
echo $this->Form->inputs($fields);
echo $this->Form->end(); ?>