I have a project on my localhost that uses the Security Component and everything works fine. I have the same project duplicated and it's the other way round. All the forms except the login are being blackholed.
Here’s what my setup looks like.
App\src\Controller\AppController.php
    /**
     * @return void
     */
    public function initialize() {
        $this->loadComponent('Security');
        $this->loadComponent('RequestHandler');
        $this->loadComponent('Flash');
        .....
    }
App\src\Controller\UsersController.php
    public function initialize() {
        parent::initialize();
        $this->Auth->allow(['logout', 'register', 'forgotPassword', 'resetPassword', 'activateAccount']);
    }

    public function beforeFilter(Event $event) {
        parent::beforeFilter($event);
        $this->Security->setConfig('csrfUseOnce', true);
        $this->Security->setConfig('unlockedFields', ['payment_action', 'g-recaptcha-response']);
        $this->Security->setConfig('blackHoleCallback', 'blackhole');
    }
I’ve confirmed that the CSRF token is generated as a hidden field along with the _Token fields (same as in the other project), but it just doesn’t work.
No fields are generated statically, no names are overridden, and forms are generated using
$this->Form->create()
Forms are closed using
$this->Form->end();
Here’s an example of a form. It’s got just one field, but it is always blackholed:
    <?= $this->Form->create($user, ['id' => 'tfaForm', 'class' => "form-horizontal form-material", 'autocomplete' => 'off']); ?>
    <div class="form-group ">
        <div class="col-xs-12 col-md-3">
            <?= $this->Form->text('tfa', ['labelOptions' => false, 'class' => 'form-control', 'placeholder' => "6 digit Code", 'autofocus']); ?>
        </div>
    </div>
    <div class="form-group m-t-10">
        <div class="col-xs-12 col-md-4">
            <?= $this->Form->button('Submit', ['class' => 'btn waves-effect waves-light btn-primary btn-sm']); ?>
        </div>
    </div>
    <?= $this->Form->end(); ?>
The validatePost() method of the Security Component keeps returning false. Is there something I’m not getting? I would appreciate a technical explanation.
Thanks in advance.
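
The post sets blackHoleCallback to 'blackhole' but does not show that method. A diagnostic callback along these lines logs which SecurityComponent check rejected the request. It is an added example, not the poster's code, and it assumes CakePHP 3.4 or later and that the component passes the callback the failure type and a SecurityException.

```php
<?php
namespace App\Controller;

use Cake\Controller\Controller;
use Cake\Controller\Exception\SecurityException;
use Cake\Core\Configure;

class AppController extends Controller
{
    // initialize() from the post is omitted here for brevity.

    /**
     * Diagnostic blackhole callback (added example, not from the post).
     * $type is 'auth' (form/token validation failure) or 'secure' (SSL restriction).
     * $exception carries the message describing which check failed.
     */
    public function blackhole($type, SecurityException $exception = null)
    {
        $data = (array)$this->request->getData();
        $token = isset($data['_Token']) && is_array($data['_Token']) ? $data['_Token'] : [];

        // Log field names only, never submitted values (passwords, 2FA codes).
        $this->log(sprintf(
            'Blackholed [%s] %s %s: %s | fields=%s | _Token keys=%s',
            $type,
            $this->request->getMethod(),
            $this->request->getRequestTarget(),
            $exception ? $exception->getMessage() : 'no exception passed',
            implode(',', array_diff(array_keys($data), ['_Token'])),
            implode(',', array_keys($token))
        ), 'warning');

        if ($exception === null) {
            $exception = new SecurityException('The request has been black-holed');
        }
        if (!Configure::read('debug')) {
            // Keep the detailed reason out of the response outside debug mode.
            $exception->setReason($exception->getMessage());
            $exception->setMessage('The request has been black-holed');
        }
        throw $exception;
    }
}
```

Comparing the logged message and the posted field names between the working and the failing copy of the project shows which part of the form token check differs.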