| # |
Apr 15th 2019, 21:06 |
 ricksaccous |
@rightscoreanalysis the short answer is you should never want to access user information in a model, the best thing to do in these cases is to pass information from the controller |
| # |
Apr 15th 2019, 21:02 |
rightscoreanalysis |
... using the CakePHP Authentication plugin |
| # |
Apr 15th 2019, 20:57 |
rightscoreanalysis |
Can I get access to the AuthUser in a model function, When I try $this->AuthUser I get a message that AuthUser is not related to the Model in question |
| # |
Apr 15th 2019, 20:01 |
feLiruc |
Hello guys... I have some foreach and my final code is full of white lines with no code... my page is with 1k lines and 5k empty lines... how can I set the cake to not generate this white lines? My code is not with blank lines |
| # |
Apr 15th 2019, 16:50 |
admad |
@phantomwatson composer create-project cakephp/app:4.x-dev |
| # |
Apr 15th 2019, 16:19 |
phantomwatson |
Good point! |
| # |
Apr 15th 2019, 16:17 |
dereuromark |
it is also easier to contribute back right away, any fixes in app or core you might find along the way. |
| # |
Apr 15th 2019, 15:58 |
dereuromark |
I usually git clone the app repo and composer update |
| # |
Apr 15th 2019, 15:55 |
phantomwatson |
I'd like to try the CakePHP 4 alpha through the app skeleton, but I'm stuck on how to run `composer create-project` specifically for the `4.x` branch. Does anyone know off of the top of their heads how to do that? |
| # |
Apr 15th 2019, 15:35 |
unclezoot |
neon, dont know mate, we're using docker + ecs here |
| # |
Apr 15th 2019, 15:19 |
neon1024 |
I’m looking to setup one of my CakePHP applications on AWS to try it ou |
| # |
Apr 15th 2019, 15:19 |
neon1024 |
unclezoot, What’s the deal with Elastic Beanstalk, is that just a shortcut for setting up the bits you need to run a PHP instance in AWS? |
| # |
Apr 15th 2019, 15:19 |
neon1024 |
Are we all trying the Cake 4 alpha? |
| # |
Apr 15th 2019, 15:04 |
jeremyharris |
ok |
| # |
Apr 15th 2019, 15:04 |
jeremyharris |
are you resetting your session each time you test new settings? |
| # |
Apr 15th 2019, 15:04 |
unclezoot |
ill keep looking at it, thanks anyway |
| # |
Apr 15th 2019, 15:04 |
unclezoot |
that's the fallback (which doesnt appear to be working) |
| # |
Apr 15th 2019, 15:03 |
unclezoot |
it's this line isnt it? Session.php: if (!isset($sessionConfig['ini']['session.cookie_secure']) andand env('HTTPS') andand ini_get('session.cookie_secure') != 1) { |
| # |
Apr 15th 2019, 15:03 |
jeremyharris |
cake passes that ini value (or sets it to secure by default) when configuring the PHP sessions so PHP should kick in with the proper security |
| # |
Apr 15th 2019, 15:02 |
jeremyharris |
it’s the session cookie and not a different cookie? |
| # |
Apr 15th 2019, 15:02 |
jeremyharris |
are you sure it |
| # |
Apr 15th 2019, 15:01 |
jeremyharris |
(taking a look at the code) |
| # |
Apr 15th 2019, 14:59 |
unclezoot |
'Cookies with the "secure" attribute are only permitted to be sent via HTTPS. Cookies sent via HTTP expose an unsuspecting user to sniffing attacks that could lead to user impersonation or compromise of the application account.' |
| # |
Apr 15th 2019, 14:58 |
unclezoot |
that's what i thought, but in Chrome Dev Tools (Application>Cookies) the Secure tickbox is not ticked, and the penetration testing report flagged this up as a 'medium risk': The cookie does not contain the "secure" attribute. |
| # |
Apr 15th 2019, 14:55 |
jeremyharris |
if you’re on ssl |
| # |
Apr 15th 2019, 14:55 |
jeremyharris |
it is set to `true` by default |
| # |
Apr 15th 2019, 14:49 |
unclezoot |
does anyone know how to set the 'secure' flag on a session cookie in cake3? 'Session.ini.session.cookie_secure' => true isnt doing anything for me |
| # |
Apr 15th 2019, 14:48 |
unclezoot |
yeah i think that's what the guy at work ended up doing, some sort of cronjob to keep the lambda alive |
| # |
Apr 15th 2019, 14:42 |
jeremyharris |
because of the warmup time - which you could ping to keep awake if you needed to |
| # |
Apr 15th 2019, 14:41 |
jeremyharris |
I use s3 and cloudfront - no need for lamda because mine is statically generated. lamda is good for little tasks that get a lot of consistent hits |
| # |
Apr 15th 2019, 14:41 |
ricksaccous |
i hardly remember anything from the course though because i don't really use AWS a lot |
| # |
Apr 15th 2019, 14:41 |
ricksaccous |
you'll still need to pay for the db but yep |
| # |
Apr 15th 2019, 14:40 |
ricksaccous |
removes the need for an ec2 instance |
| # |
Apr 15th 2019, 14:40 |
ricksaccous |
i took an aws training course, the instructor pretty much advocated using nothing but lambdas and s3 buckets to serve websites |
| # |
Apr 15th 2019, 14:36 |
neon1024 |
Wouldn’t that depend on your EC2 and S3 instances |
| # |
Apr 15th 2019, 14:36 |
unclezoot |
there's a problem with wakeing them up i believe, i.e. a cold start takes some time |
| # |
Apr 15th 2019, 14:36 |
unclezoot |
node specifically |
| # |
Apr 15th 2019, 14:35 |
unclezoot |
main guy has, he's very keen on them so will using them shortly |
| # |
Apr 15th 2019, 14:35 |
neon1024 |
Have you tried Lambdas? |
| # |
Apr 15th 2019, 14:35 |
unclezoot |
yup |
| # |
Apr 15th 2019, 14:35 |
neon1024 |
Anyone running stuff in AWS? |