# |
May 23rd 2018, 14:47 |
jeremyharris |
x-csrf-token is not a header *set* by cakephp, rather one that is used on requests. So your ajax call would set that header to the csrf token (which is in $request param ‘_csrfToke’) |
# |
May 23rd 2018, 14:47 |
spencdev |
I remember having some error when using both the CSRF and Security component. One counteracts the other one. I can't remember the specific thing that I did though. |
# |
May 23rd 2018, 14:46 |
jeremyharris |
middleware or the controller action that needs it |
# |
May 23rd 2018, 14:46 |
joopm |
in the app controll? |
# |
May 23rd 2018, 14:46 |
joopm |
my first issue is that i dont know where to set up the cors header |
# |
May 23rd 2018, 14:45 |
joopm |
yes |
# |
May 23rd 2018, 14:45 |
joopm |
https://book.cakephp.org/3.0/en/controllers/request-response.html#setting-cross-origin-request-headers-cors |
# |
May 23rd 2018, 14:45 |
spencdev |
Component, not package. sorry |
# |
May 23rd 2018, 14:45 |
spencdev |
Are you using both the Security and CSFR package? |
# |
May 23rd 2018, 14:44 |
joopm |
yes |
# |
May 23rd 2018, 14:44 |
joopm |
i have the problem that the X-CSRF-Token header is empty |
# |
May 23rd 2018, 14:44 |
spencdev |
Using Cake's CSRF? |
# |
May 23rd 2018, 14:44 |
tim |
Oh jeesh how did I not get that |
# |
May 23rd 2018, 14:44 |
spencdev |
@tim to find the bugs. |
# |
May 23rd 2018, 14:43 |
joopm |
i am trying to implement csrf protection by CsrF Middleware |
# |
May 23rd 2018, 14:43 |
tim |
I'm still waiting for the pesticide pun |
# |
May 23rd 2018, 14:43 |
spencdev |
I know what it is, yeap |
# |
May 23rd 2018, 14:43 |
joopm |
are you good at X-CSRF-Token ? |
# |
May 23rd 2018, 14:42 |
joopm |
yeah singular or plural :D |
# |
May 23rd 2018, 14:42 |
spencdev |
Rather the definition |
# |
May 23rd 2018, 14:42 |
spencdev |
Not the CS singleton |
# |
May 23rd 2018, 14:42 |
spencdev |
You said all... So when referring to 1 of those "all" it would be a singleton |
# |
May 23rd 2018, 14:42 |
joopm |
singleton? |
# |
May 23rd 2018, 14:41 |
spencdev |
Hello singleton |
# |
May 23rd 2018, 14:40 |
joopm |
hello all |
# |
May 23rd 2018, 14:37 |
spencdev |
I want someone to create a testing application called pesticide. |
# |
May 23rd 2018, 14:37 |
camdenbassett |
@zmurphey, if you're using the jquery ajax() function, you can change the method to GET or POST. I'm not sure exactly how you're sending your form via ajax though, so you might need to change it some other way. |
# |
May 23rd 2018, 14:34 |
jeremyharris |
smh haha |
# |
May 23rd 2018, 14:34 |
spencdev |
I was hoping people caught the _mistaks_ part |
# |
May 23rd 2018, 14:34 |
camdenbassett |
you could get a really high paying job if you never make mistakes |
# |
May 23rd 2018, 14:33 |
spencdev |
haha |
# |
May 23rd 2018, 14:33 |
jeremyharris |
then I want to hire you to do all my work |
# |
May 23rd 2018, 14:33 |
spencdev |
I don't test code because I don't make mistaks......... |
# |
May 23rd 2018, 14:33 |
camdenbassett |
@zmurphy, how exactly are you sending the form via ajax (eg, a plugin, custom javascript, etc); |
# |
May 23rd 2018, 14:32 |
jeremyharris |
tests will help too :P |
# |
May 23rd 2018, 14:32 |
jeremyharris |
^ |
# |
May 23rd 2018, 14:32 |
neon1024 |
Actually, I could add the typehints and see if it works couldn’t I? |
# |
May 23rd 2018, 14:31 |
neon1024 |
@zmurphy What is the value in the `_method` hidden form field? |
# |
May 23rd 2018, 14:31 |
neon1024 |
When you are creating a custom Data Type class, is it safe to typehint your method params? |
# |
May 23rd 2018, 14:30 |
zmurphy |
Anyone know any possible causes |
# |
May 23rd 2018, 14:30 |
zmurphy |
I'm having an issue where sending a form via ajax put request to my controller, but the request in the controller is reporting that it's a post request |