public function beforeAction()
{
parent::beforeAction();
// define the actions in this Controller
$action = $this->request->param('action');
// restrict the request to action methods
// $this->Security->requireAjax(['create', 'delete']);
$this->Security->requirePost(['create', 'delete']);
// define the expected form fields for every action if exist
switch ($action) {
case "create":
// you can exclude form fields if you don't care if they were sent with form fields or not
$this->Security->config("form", ['fields' => ['content']]);
break;
case "delete":
// If you want to disable validation for form tampering
// $this->Security->config("validateForm", false);
$this->Security->config("form", ['fields' => ['todo_id']]);
break;
}
}