# |
Jun 12th 2018, 13:46 |
slackebot |
Action: josbeir defeated |
# |
Jun 12th 2018, 13:46 |
LubosR |
admad :D |
# |
Jun 12th 2018, 13:46 |
josbeir |
:,( |
# |
Jun 12th 2018, 13:46 |
neon1024 |
Such modesty! |
# |
Jun 12th 2018, 13:46 |
admad |
but i am better of the best |
# |
Jun 12th 2018, 13:45 |
admad |
it's as safe as having a hidden form field with the token, which is what form helper does |
# |
Jun 12th 2018, 13:45 |
LubosR |
josbeir, admad: you two are the best, thanks. going to give it a try |
# |
Jun 12th 2018, 13:45 |
chrispecoraro |
@admad thanks! |
# |
Jun 12th 2018, 13:45 |
josbeir |
`<meta name="X-CSRF-Token" content="<?= $this->request->getParam('_csrfToken'); ?>">` |
# |
Jun 12th 2018, 13:45 |
LubosR |
admad and what is the best way to get csrf token... is that something which is set in app.php and should I read? is it safe to paste it to html as meta tag? |
# |
Jun 12th 2018, 13:44 |
admad |
s/with/which |
# |
Jun 12th 2018, 13:44 |
admad |
set a meta tag with the token with js can read and use for header |
# |
Jun 12th 2018, 13:43 |
admad |
LubosR: you can still create a post request by js and pass the csrf token using header |
# |
Jun 12th 2018, 13:43 |
chrispecoraro |
I knew that... |
# |
Jun 12th 2018, 13:42 |
admad |
@chrispecoraro tinyint(1) is how myself boolean is emulated in mysql since it doesn't have a real boolean type |
# |
Jun 12th 2018, 13:42 |
LubosR |
josbeir admad, so the best is to add it to xhr and i guess easier to do it via FormHelper and submit whole form rather than creating data for post via javascript? |
# |
Jun 12th 2018, 13:42 |
chrispecoraro |
Is this in the docs somewhere? |
# |
Jun 12th 2018, 13:42 |
chrispecoraro |
@neon1024 thanks. |
# |
Jun 12th 2018, 13:41 |
chrispecoraro |
ok, wonderful :slightly_smiling_face: |
# |
Jun 12th 2018, 13:41 |
josbeir |
ok so Lubros, to avoid confusion, check your Application.php has CsrfProtectionMiddleware loaded, if yes: token is required, if not, check component etc |
# |
Jun 12th 2018, 13:41 |
neon1024 |
@chrispecoraro Yeah, an `INT(1)` is marshalled by Cake as a boolean |
# |
Jun 12th 2018, 13:41 |
admad |
in that case nothing you do in controller is gonna help :slightly_smiling_face: |
# |
Jun 12th 2018, 13:40 |
admad |
@josbeir if he's using middleware yes |
# |
Jun 12th 2018, 13:40 |
josbeir |
"CsrfProtectionMiddleware" |
# |
Jun 12th 2018, 13:40 |
itmpls |
and time.. |
# |
Jun 12th 2018, 13:40 |
chrispecoraro |
Does anybody know why a tinyint is being returned as boolean? Is there some magic because the field is `is_....`? |
# |
Jun 12th 2018, 13:40 |
itmpls |
can't crap on it. saved who knows how much money |
# |
Jun 12th 2018, 13:40 |
itmpls |
jQuery had its time and place and kind of still may for people who haven't learned vue/new methods |
# |
Jun 12th 2018, 13:40 |
josbeir |
@admad the middleware first no ? |
# |
Jun 12th 2018, 13:40 |
josbeir |
(i think), it's the new middleware that checks for it |
# |
Jun 12th 2018, 13:40 |
admad |
LubosR: csrf token check is done by csrfcomponent not securitycomponent |
# |
Jun 12th 2018, 13:40 |
neon1024 |
@admad Although I do give you, that for speed, it sure is easy |
# |
Jun 12th 2018, 13:39 |
josbeir |
yes Lubors |
# |
Jun 12th 2018, 13:39 |
josbeir |
nothing to do with Vue |
# |
Jun 12th 2018, 13:39 |
LubosR |
josbeir: even when I use unlockActions? |
# |
Jun 12th 2018, 13:39 |
neon1024 |
Learning Vue.js has made jQuery feel very retarded to me |
# |
Jun 12th 2018, 13:38 |
admad |
@neon1024 including jquery adds hardly any noticeable slowdown and i already know how to do this stuff with jquery to not bother learning how to do it without jquery :slightly_smiling_face: |
# |
Jun 12th 2018, 13:38 |
josbeir |
you need to pass the CSRF token in your headers Lubors |
# |
Jun 12th 2018, 13:38 |
LubosR |
Hi there, any idea why I am getting "CSRF token mismatch." when doing ajax request even when I whitelisted action via security component unlockedActions |
# |
Jun 12th 2018, 13:38 |
loginews |
File uploaded https://cakesf.slack.com/files/U435V89H8/FB5QUJYJ0/strange_character_loss.php / https://slack-files.com/T053DPNCM-FB5QUJYJ0-ef5069aef0 - Any idea why 00N becomes 00-n ? |
# |
Jun 12th 2018, 13:38 |
josbeir |
yeah, i mostly just made a custom helper or something, but i have seen the light |