I have a number of forms, some of them are fine but two are causing an “auth” blackhole. I’m using the 2.7.x library, it might be a slightly different library, I do not have access to the server that it is on at the moment.
In the problematic forms I have taken out the JS so that the form does not get manipulated but that does not solve the problem.
I have an array of unlockedFields and I’m 99% sure that these are all of the fields that the JS changes. This is set in beforeFilter of each controller and I am statically calling the parent beforeFilter in there.
The security component is the first in the list of components in the AppController. I have the following settings:
‘csrfUseOnce’ => false, ‘csrfExpires’ => '+1 hour’
and a callback to log the reason for the blackhole which then throws the BadRequestException.
The only thing that I can think of which I haven’t looked at yet which could manipulate the form is i18n but the BadRequestException is not just thrown with a language change and it is only thrown in two of the forms.
All of the forms are created and ended in the same way i.e.
echo $this->Form->create(‘Health’, array(‘class’ => ‘form-vertical’, ‘novalidate’ => true));
echo $this->Form->end();
All form elements are created with $this->Form excepting that I am manually writing the labels for the Form->checkbox in one of the failing forms, the other form submission could be failing for a different reason. Would this cause a failure?