| # |
Jun 12th 2018, 13:44 |
 admad |
s/with/which |
| # |
Jun 12th 2018, 13:44 |
admad |
set a meta tag with the token with js can read and use for header |
| # |
Jun 12th 2018, 13:43 |
admad |
LubosR: you can still create a post request by js and pass the csrf token using header |
| # |
Jun 12th 2018, 13:43 |
chrispecoraro |
I knew that... |
| # |
Jun 12th 2018, 13:42 |
admad |
@chrispecoraro tinyint(1) is how myself boolean is emulated in mysql since it doesn't have a real boolean type |
| # |
Jun 12th 2018, 13:42 |
LubosR |
josbeir admad, so the best is to add it to xhr and i guess easier to do it via FormHelper and submit whole form rather than creating data for post via javascript? |
| # |
Jun 12th 2018, 13:42 |
chrispecoraro |
Is this is the docs somewhere? |
| # |
Jun 12th 2018, 13:42 |
chrispecoraro |
@neon1024 thanks. |
| # |
Jun 12th 2018, 13:41 |
chrispecoraro |
ok, wonderful :slightly_smiling_face: |
| # |
Jun 12th 2018, 13:41 |
josbeir |
ok so Lubros, to avoid confusion, check your Application.php has CsrfProtectionMiddleware loaded, if yes: token is required, if not, check component etc |
| # |
Jun 12th 2018, 13:41 |
neon1024 |
@chrispecoraro Yeah, an `INT(1)` is marshalled by Cake as a boolean |
| # |
Jun 12th 2018, 13:41 |
admad |
in that case nothing you do in controller is gonna help :slightly_smiling_face: |
| # |
Jun 12th 2018, 13:40 |
admad |
@josbeir if he's using middleware yes |
| # |
Jun 12th 2018, 13:40 |
josbeir |
"CsrfProtectionMiddleware" |
| # |
Jun 12th 2018, 13:40 |
itmpls |
and time.. |
| # |
Jun 12th 2018, 13:40 |
chrispecoraro |
Does anybody know why a tinyint is being returned as boolean? Is there some magic because the field is `is_....`? |
| # |
Jun 12th 2018, 13:40 |
itmpls |
can't crap on it. saved who knows how much money |
| # |
Jun 12th 2018, 13:40 |
itmpls |
jQuery had its time and place and kind of still may for people who haven't learned vue/new methods |
| # |
Jun 12th 2018, 13:40 |
josbeir |
@admad the middleware first no ? |
| # |
Jun 12th 2018, 13:40 |
josbeir |
(i think), its the new middleware that checks for it |
| # |
Jun 12th 2018, 13:40 |
admad |
LubosR: csrf token check is done by csrfcomponent not securitycompnent |
| # |
Jun 12th 2018, 13:40 |
neon1024 |
@admad Although I do give you, that for speed, it sure is easy |
| # |
Jun 12th 2018, 13:39 |
josbeir |
yes Lubors |
| # |
Jun 12th 2018, 13:39 |
josbeir |
nothing to do with Vue |
| # |
Jun 12th 2018, 13:39 |
LubosR |
josbeir: even when I use unlockActions? |
| # |
Jun 12th 2018, 13:39 |
neon1024 |
Learning Vue.js has made jQuery feel very retarded to me |
| # |
Jun 12th 2018, 13:38 |
admad |
@neon1024 including jquery adds hardly any noticeable slowdown and i already know how to do these stuff with jquery to not bother learning how to do it without jquery :slightly_smiling_face: |
| # |
Jun 12th 2018, 13:38 |
josbeir |
you need to pass the CSRF token in your headers Lubors |
| # |
Jun 12th 2018, 13:38 |
LubosR |
Hi there, any idea why I am getting "CSRF token mismatch." when doing ajax request even when I whitelisted action via security comopnent unlockedActions |
| # |
Jun 12th 2018, 13:38 |
loginews |
File uploaded https://cakesf.slack.com/files/U435V89H8/FB5QUJYJ0/strange_character_loss.php / https://slack-files.com/T053DPNCM-FB5QUJYJ0-ef5069aef0 - Any idea why 00N becomes 00-n ? |
| # |
Jun 12th 2018, 13:38 |
josbeir |
yeah, i mostly just made a custom helper or something, but i have seen the light |
| # |
Jun 12th 2018, 13:37 |
admad |
widgets are sweet |
| # |
Jun 12th 2018, 13:36 |
josbeir |
i should have really invested some more time in form widgets ages ago, such a nice feature in cake 3 :) |
| # |
Jun 12th 2018, 13:34 |
josbeir |
and its pretty confusing when coming from oldskool ajax requests, you need to to define the output time first so when you try to debug your request and didn't define the output type ... |
| # |
Jun 12th 2018, 13:33 |
itmpls |
right.. |
| # |
Jun 12th 2018, 13:33 |
josbeir |
lame error handling but it works |
| # |
Jun 12th 2018, 13:33 |
neon1024 |
Although you’d have to polyfill for older browsers |
| # |
Jun 12th 2018, 13:33 |
josbeir |
fetch has its own issues tho |
| # |
Jun 12th 2018, 13:33 |
josbeir |
fetch() => XMLHttpRequest |
| # |
Jun 12th 2018, 13:33 |
neon1024 |
No, not really, as you could use `fetch()` nowadays |
| # |
Jun 12th 2018, 13:33 |
itmpls |
last time i looked there were a ton of inconsistencies, but that was ie7ish days |