# |
Jun 12th 2018, 13:55 |
neon1024 |
One day I will earn contributor rights! |
# |
Jun 12th 2018, 13:55 |
slackebot |
Action: neon1024 quickly checks the pr hasn’t already been merged |
# |
Jun 12th 2018, 13:54 |
slackebot |
Action: neon1024 nods |
# |
Jun 12th 2018, 13:54 |
neon1024 |
Like doing the Webservices plugin release? |
# |
Jun 12th 2018, 13:48 |
admad |
have bigger fishes to fry :slightly_smiling_face: |
# |
Jun 12th 2018, 13:48 |
josbeir |
it's one of those.. hmm to core or not to core |
# |
Jun 12th 2018, 13:48 |
josbeir |
:) |
# |
Jun 12th 2018, 13:47 |
admad |
one time i wanted to add a support for `Html->meta('csrf')` to generate the tag @josbeir showEd but lazied out |
# |
Jun 12th 2018, 13:46 |
slackebot |
Action: josbeir defeated |
# |
Jun 12th 2018, 13:46 |
LubosR |
admad :D |
# |
Jun 12th 2018, 13:46 |
josbeir |
:,( |
# |
Jun 12th 2018, 13:46 |
neon1024 |
Such modesty! |
# |
Jun 12th 2018, 13:46 |
admad |
but i am better of the best |
# |
Jun 12th 2018, 13:45 |
admad |
it's as safe as having a hidden form field with the token, which is what form helper does |
# |
Jun 12th 2018, 13:45 |
LubosR |
josbeir, admad: you two are the best, thanks. going to give it a try |
# |
Jun 12th 2018, 13:45 |
chrispecoraro |
@admad thanks! |
# |
Jun 12th 2018, 13:45 |
josbeir |
`<meta name="X-CSRF-Token" content="<?= $this->request->getParam('_csrfToken'); ?>">` |
# |
Jun 12th 2018, 13:45 |
LubosR |
admad and what is the best way to get csrf token... is that something which is set in app.php and should I read? is it safe to paste it to html as meta tag? |
# |
Jun 12th 2018, 13:44 |
admad |
s/with/which |
# |
Jun 12th 2018, 13:44 |
admad |
set a meta tag with the token with js can read and use for header |
# |
Jun 12th 2018, 13:43 |
admad |
LubosR: you can still create a post request by js and pass the csrf token using header |
# |
Jun 12th 2018, 13:43 |
chrispecoraro |
I knew that... |
# |
Jun 12th 2018, 13:42 |
admad |
@chrispecoraro tinyint(1) is how myself boolean is emulated in mysql since it doesn't have a real boolean type |
# |
Jun 12th 2018, 13:42 |
LubosR |
josbeir admad, so the best is to add it to xhr and i guess easier to do it via FormHelper and submit whole form rather than creating data for post via javascript? |
# |
Jun 12th 2018, 13:42 |
chrispecoraro |
Is this in the docs somewhere? |
# |
Jun 12th 2018, 13:42 |
chrispecoraro |
@neon1024 thanks. |
# |
Jun 12th 2018, 13:41 |
chrispecoraro |
ok, wonderful :slightly_smiling_face: |
# |
Jun 12th 2018, 13:41 |
josbeir |
ok so Lubros, to avoid confusion, check your Application.php has CsrfProtectionMiddleware loaded, if yes: token is required, if not, check component etc |
# |
Jun 12th 2018, 13:41 |
neon1024 |
@chrispecoraro Yeah, an `INT(1)` is marshalled by Cake as a boolean |
# |
Jun 12th 2018, 13:41 |
admad |
in that case nothing you do in controller is gonna help :slightly_smiling_face: |
# |
Jun 12th 2018, 13:40 |
admad |
@josbeir if he's using middleware yes |
# |
Jun 12th 2018, 13:40 |
josbeir |
"CsrfProtectionMiddleware" |
# |
Jun 12th 2018, 13:40 |
itmpls |
and time.. |
# |
Jun 12th 2018, 13:40 |
chrispecoraro |
Does anybody know why a tinyint is being returned as boolean? Is there some magic because the field is `is_....`? |
# |
Jun 12th 2018, 13:40 |
itmpls |
can't crap on it. saved who knows how much money |
# |
Jun 12th 2018, 13:40 |
itmpls |
jQuery had its time and place and kind of still may for people who haven't learned vue/new methods |
# |
Jun 12th 2018, 13:40 |
josbeir |
@admad the middleware first no ? |
# |
Jun 12th 2018, 13:40 |
josbeir |
(i think), it's the new middleware that checks for it |
# |
Jun 12th 2018, 13:40 |
admad |
LubosR: csrf token check is done by csrfcomponent not securitycomponent |
# |
Jun 12th 2018, 13:40 |
neon1024 |
@admad Although I do give you, that for speed, it sure is easy |
# |
Jun 12th 2018, 13:39 |
josbeir |
yes Lubors |