[TESTING] CakePHP4: Black-holed

Hello world,

As part of a CakePHP 3.6 to 4.4 migration, I’m trying to get the tests to green, but I have a problem with black-holes on POST methods.

In my tests, I added the methods to ignore the tokens.


So I have a code 500, with this line in debug = false.

[Cake\Controller\Exception\SecurityException] The request has been black-holed

this line in debug = true.

[Cake\Controller\Exception\AuthSecurityException] Invalid security debug token.

The only way to solve the problem is to create a beforeFilter in the controller that adds the method to unlockedActions.

$this->Security->setConfig('unlockedActions', [

This poses conceptual problems for me. If I use unlockedActions, the CSRF token is no longer applied, which opens a security hole in my application.

Have you encountered this problem and how did you resolve it?


NB: Here is an example of my test

public function testPostIndexWithAuth($userId = 1)
{
    // session
    $user = $this->Utilisateurs->get($userId);
    $this->session(['Auth' => $user]);

    // Security

    // Data & Post
    $data = ['name' => 'Ledo'];
    $this->post('/company', $data);

    // Redirect
    $this->get('/company?name=' . $data['name']);
    $this->assertResponseContains('<td>Ledo Garden</td>');
}
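For reference, an added example (not part of the original post) of the test-side token helpers that CakePHP 4's `IntegrationTestTrait` provides, used so that the controller action stays locked instead of being listed in `unlockedActions`. The class name and the `app.Utilisateurs` fixture are assumptions; the route, payload and session key are the ones from the post.

```php
<?php
declare(strict_types=1);

namespace App\Test\TestCase\Controller;

use Cake\TestSuite\IntegrationTestTrait;
use Cake\TestSuite\TestCase;

// Hypothetical test class; '/company' and the payload come from the post.
class CompanyControllerTokenTest extends TestCase
{
    use IntegrationTestTrait;

    // Assumed fixture name for the Utilisateurs table used in the post.
    protected $fixtures = ['app.Utilisateurs'];

    private function login(int $userId = 1): void
    {
        $user = $this->getTableLocator()->get('Utilisateurs')->get($userId);
        $this->session(['Auth' => $user]);
    }

    public function testPostWithTokensIsAccepted(): void
    {
        $this->login();
        // Must be called before post(): the harness then adds a CSRF token
        // and the _Token fields that form protection validates.
        $this->enableCsrfToken();
        $this->enableSecurityToken();

        $this->post('/company', ['name' => 'Ledo']);

        $this->assertResponseSuccess(); // any 2xx or 3xx status
    }

    public function testPostWithoutTokensIsStillRejected(): void
    {
        $this->login();

        $this->post('/company', ['name' => 'Ledo']);

        // Regression guard: with no tokens sent, the request must not succeed.
        // The exact status code depends on the application's configuration.
        $this->assertGreaterThanOrEqual(400, $this->_response->getStatusCode());
    }
}
```

The second test is the one that protects the production behaviour: it keeps passing only while the POST action continues to reject requests that carry no tokens.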