Log message #4150557

# At Username Text
# Jun 12th 2018, 13:48 admad have bigger fishes to fry :slightly_smiling_face:
# Jun 12th 2018, 13:48 josbeir its one of those.. hmm to core or not to core
# Jun 12th 2018, 13:48 josbeir :)
# Jun 12th 2018, 13:47 admad one time i wanted to add a support for `Html->meta('csrf')` to generate the tag @josbeir showEd but lazied out
# Jun 12th 2018, 13:46 slackebot Action: josbeir defeated
# Jun 12th 2018, 13:46 LubosR admad :D
# Jun 12th 2018, 13:46 josbeir :,(
# Jun 12th 2018, 13:46 neon1024 Such modesty!
# Jun 12th 2018, 13:46 admad but i am better of the best
# Jun 12th 2018, 13:45 admad its as safe as having a hidden form field with the token, which is what form helper does
# Jun 12th 2018, 13:45 LubosR josbeir, admad: you two are the best, thanks. going to give it a try
# Jun 12th 2018, 13:45 chrispecoraro @admad thanks!
# Jun 12th 2018, 13:45 josbeir <meta name="X-CSRF-Token" content="<?= $this->request->getParam('_csrfToken'); ?>">
# Jun 12th 2018, 13:45 LubosR admad and what is the best way to get csfr token... is that something which is set in app.php and should I read? is it safe to paste it to html as meta tag?
# Jun 12th 2018, 13:44 admad s/with/which
# Jun 12th 2018, 13:44 admad set a meta tag with the token with js can read and use for header
# Jun 12th 2018, 13:43 admad LubosR: you can still create a post request by js and pass the csrf token using header
# Jun 12th 2018, 13:43 chrispecoraro I knew that...
# Jun 12th 2018, 13:42 admad @chrispecoraro tinyint(1) is how myself boolean is emulated in mysql since it doesn't have a real boolean type
# Jun 12th 2018, 13:42 LubosR josbeir admad, so the best is to add it to xhr and i guess easier to do it via FormHelper and submit whole form rather than creating data for post via javascript?
# Jun 12th 2018, 13:42 chrispecoraro Is this is the docs somewhere?
# Jun 12th 2018, 13:42 chrispecoraro @neon1024 thanks.
# Jun 12th 2018, 13:41 chrispecoraro ok, wonderful :slightly_smiling_face:
# Jun 12th 2018, 13:41 josbeir ok so Lubros, to avoid confusion, check your Application.php has CsrfProtectionMiddleware loaded, if yes: token is required, if not, check component etc
# Jun 12th 2018, 13:41 neon1024 @chrispecoraro Yeah, an `INT(1)` is marshalled by Cake as a boolean
# Jun 12th 2018, 13:41 admad in that case nothing you do in controller is gonna help :slightly_smiling_face:
# Jun 12th 2018, 13:40 admad @josbeir if he's using middleware yes
# Jun 12th 2018, 13:40 josbeir "CsrfProtectionMiddleware"
# Jun 12th 2018, 13:40 itmpls and time..
# Jun 12th 2018, 13:40 chrispecoraro Does anybody know why a tinyint is being returned as boolean? Is there some magic because the field is `is_....`?
# Jun 12th 2018, 13:40 itmpls can't crap on it. saved who knows how much money
# Jun 12th 2018, 13:40 itmpls jQuery had its time and place and kind of still may for people who haven't learned vue/new methods
# Jun 12th 2018, 13:40 josbeir @admad the middleware first no ?
# Jun 12th 2018, 13:40 josbeir (i think), its the new middleware that checks for it
# Jun 12th 2018, 13:40 admad LubosR: csrf token check is done by csrfcomponent not securitycompnent
# Jun 12th 2018, 13:40 neon1024 @admad Although I do give you, that for speed, it sure is easy
# Jun 12th 2018, 13:39 josbeir yes Lubors
# Jun 12th 2018, 13:39 josbeir nothing to do with Vue
# Jun 12th 2018, 13:39 LubosR josbeir: even when I use unlockActions?
# Jun 12th 2018, 13:39 neon1024 Learning Vue.js has made jQuery feel very retarded to me
# Jun 12th 2018, 13:38 admad @neon1024 including jquery adds hardly any noticeable slowdown and i already know how to do these stuff with jquery to not bother learning how to do it without jquery :slightly_smiling_face: