[CakePHP2.x] Issue when using the Security component [black-holed]

2017.03.21

3 votes, average: 1.00 / 13
7,805
X Facebook Hatena Bookmark pocket
Black-holed CakePHP PHP security

This is Hase from the development team

while using the Security component to implement a login function in CakePHP
I encountered this mysterious error

The request has been black-holed

A black hole? What is this?
It especially happens when you click the "back" button in your browser after submitting a form and then submit it again.

As a complete novice, I didn't understand what this error meant, so I
decided to look up how to fix it.

Allow Post and Ajax

Since there were errors almost everywhere on the form screen,
I added a `beforeFilter` to allow POST requests and, incidentally, Ajax requests.

app/Controller/AppController.php

public function beforeFilter() { $this->Security->validatePost = false; $this->Security->csrfCheck = false; ... // ~Do some processing~ }

I checked again
, but it was still happening. So,
I started investigating again.

Fix the override

AppController.phpseems that allowing POST and Ajax in
caused the Controller to override beforeFilter,
resulting in the communication permission being removed.

Therefore, I fixed the Controller that was causing the black-hole error.
to beforefilterparent::beforeFilter();I added

app/Controller/UserController.php

public function beforeFilter() { parent::beforeFilter(); // ~some processing~ }

I thought the error would be gone now,
but when I checked again, the same error occurred.

Handling Blackhole Callbacks

I've come this far, but the official website has instructions on how to deal with this

When restricted by the Security component, by default, it returns a 400 error and discards the request as invalid.
You can change this behavior by setting the callback function in your controller to $this->Security->blackHoleCallback.

In other words,submitting a form, then going back in the browser and submitting it againthe act of
is an invalid request, which is
why a 400 error was returned and a black-holed error occurred.

I should have looked at the official website from the beginning

So, I modified the beforefilter of the Controller that was causing the black-hole error as follows:

public function beforeFilter() { parent::beforeFilter(); $this->Security->blackHoleCallback = 'blackhole'; $this->Security->validatePost = false; $this->Security->csrfCheck = false; // ~ Some processing ~ } // Let the black hole through public function blackhole($type) { }

The black-holed error is gone!!
What a relief.

reference

https://book.cakephp.org/2.0/ja/core-libraries/components/security-component.html
http://www.aipacommander.com/entry/2015/04/27/180000

If you found this article helpful,please give it a "Like"!
3
Loading...
3 votes, average: 1.00 / 13
7,805
X Facebook Hatena Bookmark pocket

The person who wrote this article

About the author

Tatsuya Hase

Joined Beyond Co., Ltd. as a new graduate

We develop web systems (development of browser-based services and systems such as web services, digital content, and business management systems) and game APIs (development of programs for communication with app games)

We also develop private/custom apps for Shopify

Originally worked at the Osaka office, but transferred to the Yokohama office in 2019.
Hobbies: baseball, karaoke, anime.

This is a collection of extensions that make using Visual Studio Code more enjoyable [Technical Edition]: Code-ifying infrastructure configurations. Deploying AWS instances using Terraform.