I’m using FormProtection in my AppController to protect all forms in my app (admin and front).
The problem in the case of a contact form is that when a user stays a while on the contact page and then fills in and submits the form, a BadRequestException is thrown.
I think that it comes from the fact that FormProtection is related to the session.
My questions are:
Is there a way to keep FormProtection but avoid the problem described above?
Is it risky to disable FormProtection for my contact form (using $this->FormProtection->setConfig('unlockedActions', ['index']); in ContactController::beforeFilter())?