secured-links icon indicating copy to clipboard operation
secured-links copied to clipboard

Published 20 hours ago verified publisher icon nextras

@secured annotation does not work with actions

Open janmarek opened this issue 10 years ago • 9 comments

It seems that only signals can be protected. But I usually use render or action methods for actions which should be protected (e.g. renderDelete).

janmarek avatar Nov 22 '13 12:11 janmarek

This is feature. Implementing support for actions would hurt performance or would require complicated caching.

JanTvrdik avatar Nov 22 '13 12:11 JanTvrdik

Ok, this is a feature request then. Why would be the caching complicated?

janmarek avatar Nov 22 '13 14:11 janmarek

Because it is caching =) But OK, we will look into this.

JanTvrdik avatar Nov 22 '13 16:11 JanTvrdik

thank you

janmarek avatar Nov 23 '13 12:11 janmarek

Are you going to implement this feature?

janedbal avatar Mar 17 '14 16:03 janedbal

@Caspern Not now, maybe one day.

JanTvrdik avatar Mar 17 '14 16:03 JanTvrdik

Hi, I have noticed, that when I have secured method handleLike($id) and I create a link for this signal, it always have the same "_sec" parameter depending on value of $id. As I'm reading above, is it due to caching? Is it really safe? I am going to replace all forms (add/delete and like/unlike table record) with nextras secured-links... is it suitable?

jelen07 avatar Oct 15 '14 14:10 jelen07

This has nothing to do with caching. It is because for each user (session) we generate a single secret token. Generating new token for every link would clutter the user's session very fast.

JanTvrdik avatar Oct 15 '14 14:10 JanTvrdik

Good to hear. Thanks for clarifications.

jelen07 avatar Oct 15 '14 14:10 jelen07