Good evening,
I have understood that the CakePHP security component blackholes ajax POST calls without the security tokens generated during a preceding GET request. But is it recommended to turn off the security for Ajax Requests by creating exceptions for the respective controller functions?
I can imagine two different scenarios:
In the first scenario I have a classic form with traditional input types like a registration form with texts, dropdowns, checkboxes, etc. I just use Ajax to improve the user experience by presenting the form inside a bootstrap modal or something similar. The form is retrieved with Ajax, placed somewhere inside the DOM and the submit button only triggers a JavaScript function to serialize the form data and send it with POST. This should be work flawless with Ajax enabled security component, but of course things like flash messages need to be transcoded.
In the second scenario I have no traditional form, but a calendar for example, where I can create, move or delete appointments. How should I send this kind of arbitrary data with Ajax? Do I have to load a pseudo form with inputs via GET, place it hidden somewhere inside the DOM, set the parameters with jQuery .val() and send the serialized form via POST to get the results? I wonder if there is a benefit of using the security component with Ajax, or if its just waste of time?
Greetings,
John