| # |
May 23rd 2018, 14:49 |
joopm |
moment i look for my source code |
| # |
May 23rd 2018, 14:48 |
 jeremyharris |
ah |
| # |
May 23rd 2018, 14:48 |
spencdev |
and because is *was* always empty |
| # |
May 23rd 2018, 14:48 |
spencdev |
Right, I got them working together but I had the same issue that it said it was always empty |
| # |
May 23rd 2018, 14:48 |
jeremyharris |
token !== csrf token |
| # |
May 23rd 2018, 14:48 |
jeremyharris |
they should work fine together @spencdev |
| # |
May 23rd 2018, 14:48 |
spencdev |
Thats what it was! |
| # |
May 23rd 2018, 14:47 |
jeremyharris |
x-csrf-token is not a header *set* by cakephp, rather one that is used on requests. So your ajax call would set that header to the csrf token (which is in $request param ‘_csrfToke’) |
| # |
May 23rd 2018, 14:47 |
spencdev |
I remember having some error when using both the CSRF and Security component. One counteracts the other one. I can't remember the specific thing that I did though. |
| # |
May 23rd 2018, 14:46 |
jeremyharris |
middleware or the controller action that needs it |
| # |
May 23rd 2018, 14:46 |
joopm |
in the app controll? |
| # |
May 23rd 2018, 14:46 |
joopm |
my first issue is that i dont know where to set up the cors header |
| # |
May 23rd 2018, 14:45 |
joopm |
yes |
| # |
May 23rd 2018, 14:45 |
joopm |
https://book.cakephp.org/3.0/en/controllers/request-response.html#setting-cross-origin-request-headers-cors |
| # |
May 23rd 2018, 14:45 |
spencdev |
Component, not package. sorry |
| # |
May 23rd 2018, 14:45 |
spencdev |
Are you using both the Security and CSFR package? |
| # |
May 23rd 2018, 14:44 |
joopm |
yes |
| # |
May 23rd 2018, 14:44 |
joopm |
i have the problem that the X-CSRF-Token header is empty |
| # |
May 23rd 2018, 14:44 |
spencdev |
Using Cake's CSRF? |
| # |
May 23rd 2018, 14:44 |
tim |
Oh jeesh how did I not get that |
| # |
May 23rd 2018, 14:44 |
spencdev |
@tim to find the bugs. |
| # |
May 23rd 2018, 14:43 |
joopm |
i am trying to implement csrf protection by CsrF Middleware |
| # |
May 23rd 2018, 14:43 |
tim |
I'm still waiting for the pesticide pun |
| # |
May 23rd 2018, 14:43 |
spencdev |
I know what it is, yeap |
| # |
May 23rd 2018, 14:43 |
joopm |
are you good at X-CSRF-Token ? |
| # |
May 23rd 2018, 14:42 |
joopm |
yeah singular or plural :D |
| # |
May 23rd 2018, 14:42 |
spencdev |
Rather the definition |
| # |
May 23rd 2018, 14:42 |
spencdev |
Not the CS singleton |
| # |
May 23rd 2018, 14:42 |
spencdev |
You said all... So when referring to 1 of those "all" it would be a singleton |
| # |
May 23rd 2018, 14:42 |
joopm |
singleton? |
| # |
May 23rd 2018, 14:41 |
spencdev |
Hello singleton |
| # |
May 23rd 2018, 14:40 |
joopm |
hello all |
| # |
May 23rd 2018, 14:37 |
spencdev |
I want someone to create a testing application called pesticide. |
| # |
May 23rd 2018, 14:37 |
camdenbassett |
@zmurphey, if you're using the jquery ajax() function, you can change the method to GET or POST. I'm not sure exactly how you're sending your form via ajax though, so you might need to change it some other way. |
| # |
May 23rd 2018, 14:34 |
jeremyharris |
smh haha |
| # |
May 23rd 2018, 14:34 |
spencdev |
I was hoping people caught the _mistaks_ part |
| # |
May 23rd 2018, 14:34 |
camdenbassett |
you could get a really high paying job if you never make mistakes |
| # |
May 23rd 2018, 14:33 |
spencdev |
haha |
| # |
May 23rd 2018, 14:33 |
jeremyharris |
then I want to hire you to do all my work |
| # |
May 23rd 2018, 14:33 |
spencdev |
I don't test code because I don't make mistaks......... |
| # |
May 23rd 2018, 14:33 |
camdenbassett |
@zmurphy, how exactly are you sending the form via ajax (eg, a plugin, custom javascript, etc); |