[CakePHP2.x] Problem when using Security component [black-holed]

2017.03.21

3 votes, average: 1.00 / 13
7,672
X facebook Hatena Bookmark pocket
black-holed CakePHP PHP Security

This is Hase from the development team.

When I was using the Security component to implement a login function in CakePHP,
I encountered this mysterious error.

The request has been black-holed

A black hole? What's that?
It especially occurs when you submit a form, go back in your browser, and then submit it again.

As I was still a novice, I had no idea what this error was, so I
decided to look into how to solve it.

Allow Post and Ajax

Since errors were occurring almost every time on the form screen,
I set the beforeFilter to allow Post and also Ajax.

app/Controller/AppController.php

public function beforeFilter() { $this->Security->validatePost = false; $this->Security->csrfCheck = false; ... // ~Do some processing~ }

I checked it with some hope that the error would no longer occur
, but the same error still occurred.
I started investigating again.

Fix the override

by allowing Post and Ajax in the beforeFilter of
AppController.php the Controller overrode the beforeFilter, and
communication was no longer permitted.

So, fix the controller that causes the black-hole error
by adding parent::beforeFilter(); to the beforefilter

app/Controller/UserController.php

public function beforeFilter() { parent::beforeFilter(); // ~some processing~ }

I thought the error would go away, so
I checked, but the same error occurred again.

Handling Blackhole Callbacks

I've come this far, but the official website has instructions on how to deal with this

When restricted by the Security Component, by default invalid requests will be discarded with a 400 error.
You can change this behavior by setting $this->Security->blackHoleCallback to a callback function in your controller.

In other words, clicking "Back" in the browser after submitting the form and then submitting it again
is an invalid request, so
a 400 error is returned, causing a black-holed error.

I should have looked at the official website from the beginning

So, I modified the beforefilter of the Controller that was causing the black-hole error as follows:

public function beforeFilter() { parent::beforeFilter(); $this->Security->blackHoleCallback = 'blackhole'; $this->Security->validatePost = false; $this->Security->csrfCheck = false; // ~ Some processing ~ } // Let the black hole through public function blackhole($type) { }

Now the black-holed error has disappeared!!
What a relief.

reference

https://book.cakephp.org/2.0/ja/core-libraries/components/security-component.html
http://www.aipacommander.com/entry/2015/04/27/180000

If you found this article helpful , please give it a like!
3
Loading...
3 votes, average: 1.00 / 13
7,672
X facebook Hatena Bookmark pocket

The person who wrote this article

About the author

Tatsuya Hase

Joined Beyond Co., Ltd. as a new graduate.

We develop web systems (development of services and systems that run on browsers, such as web services, digital content, and business management systems) and game APIs (development of programs that communicate with application games).

We also develop private/custom apps for Shopify.

Originally worked at the Osaka office, but transferred to the Yokohama office in 2019.
His hobbies are baseball/karaoke/anime

A collection of extensions that make using Visual Studio Code more fun [Technical Edition] Codifying infrastructure configuration. Deploying AWS instances using terraform.