I have understood that the CakePHP security component blackholes ajax POST calls without the security tokens generated during a preceding GET request. But is it recommended to turn off the security for Ajax Requests by creating exceptions for the respective controller functions?
I can imagine two different scenarios:
In the second scenario I have no traditional form, but a calendar for example, where I can create, move or delete appointments. How should I send this kind of arbitrary data with Ajax? Do I have to load a pseudo form with inputs via GET, place it hidden somewhere inside the DOM, set the parameters with jQuery .val() and send the serialized form via POST to get the results? I wonder if there is a benefit of using the security component with Ajax, or if its just waste of time?