secured-links
secured-links copied to clipboard
@secured annotation does not work with actions
It seems that only signals can be protected. But I usually use render or action methods for actions which should be protected (e.g. renderDelete).
This is feature. Implementing support for actions would hurt performance or would require complicated caching.
Ok, this is a feature request then. Why would be the caching complicated?
Because it is caching =) But OK, we will look into this.
thank you
Are you going to implement this feature?
@Caspern Not now, maybe one day.
Hi, I have noticed, that when I have secured method handleLike($id) and I create a link for this signal, it always have the same "_sec" parameter depending on value of $id. As I'm reading above, is it due to caching? Is it really safe? I am going to replace all forms (add/delete and like/unlike table record) with nextras secured-links... is it suitable?
This has nothing to do with caching. It is because for each user (session) we generate a single secret token. Generating new token for every link would clutter the user's session very fast.
Good to hear. Thanks for clarifications.