Home/ Questions/Q 8693709
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-13T00:36:24+00:00

I’d like to use CakePHP’s SecurityComponent to enforce app requests to be made over

  • 0

I’d like to use CakePHP’s SecurityComponent to enforce app requests to be made over SSL using requireSecure().

My issue is that by default this is a blacklist methodology – allow insecure access by default, unless explicitly prohibited in that Controller. I’d like to switch to a whitelist methodology – deny insecure access by default, unless I explicitly allow it in that Controller.

Is this functionality built into the SecurityComponent? If not, how can I set this up manually?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    It doesn’t appear that this is built in by default. You could simulate this by creating a $requireSecure property of your Controllers, and then conditionally calling requireSecure() in AppController::beforeFilter(). Here’s how you would implement it:

    AppController.php:

    public $requireSecure = true;

public function beforeFilter() {
    if ($this->requireSecure) {
        $blacklist = is_array($this->requireSecure) ? $this->requireSecure : array('*');
        $this->Security->requireSecure($blacklist);
    }
}

    Whitelisted controller:

    public $requireSecure = false;

    Controller, varies by method (note that $requireSecure is a blacklist):

    public $requireSecure = array('login');

    This achieves the objective of requiring SSL by default, but being able to explicitly override this requirement in the Controller if desired.

    • 0