mysiteonline™

As I'm working on a desktop application that needs to connect to the database backend, and CakePHP provides an awesome mechanism for REST or AJAX communication (as well as data validation), I decided to have my desktop application talk directly through the Cake interface to do its magic.

Unfortunately, I was also using CakePHP's rather secure Security component to prevent XSS/CSRF attacks. The problem is that because the desktop application was directly accessing the method with data and bypassing CakePHP's FormHelper automatically created (and Security Component friendly) rendered HTML, it was failing (and because it wouldn't even get to the action since the Security Component was set in the AppController, I couldn't even use $this->log($this, LOG_DEBUG) to see what was happening).

After searching for a good 30 minutes or so, I came across this archived Google Group post by franky06l:
if(isset($this->Security) && $this->action == 'myaction')) $this->Security->enabled = false;I updated this to only be used in my specific controller's action, as so:
function beforeFilter(){ parent::beforeFilter(); if(isset($this->Security) && $this->RequestHandler->isAjax() && $this->action == 'add'){ $this->Security->enabled = false; } }Voila! It now works as expected.

Note: One will need to be extra cautious when disabling the Security Component. The Security Component takes care of a lot of issues for us automatically, by disabling it, you're opening yourself up to some possible troubles. Extra precaution is recommended, and I relinquish myself from any use of the above code that may cause harm - use at your own peril (or absolute need)! :D