| # |
Apr 24th 2019, 14:44 |
 this.impetus |
morning cake wizards. I'm using a plugin that's supposed to generate thumbnails for images. It uses its own routes to point a generated URL to said thumbnail. If I plug the generated URL into my browser, it redirects to the thumbnail (after a fashion; it's not loading as an image but rather trying to read the file in as a document). I don't expect anyone to be familiar with the ins and outs of the Thumber plugin but perhaps someone can |
| # |
Apr 24th 2019, 14:35 |
charolastra |
i've uncommented the ->registerMiddleware('csrf',..) for the whole / scope but still get that InvalidCsrfTokenException |
| # |
Apr 24th 2019, 14:32 |
neon1024 |
So you wouldn’t enable the middleware in your `/api` prefix for example |
| # |
Apr 24th 2019, 14:32 |
neon1024 |
So I guess you manage it with routing |
| # |
Apr 24th 2019, 14:32 |
neon1024 |
:man-shrugging: |
| # |
Apr 24th 2019, 14:32 |
neon1024 |
> Stateless requests, for e.g. when developing an API, are not affected by CSRF so the middleware does not need to be applied for those URLs. |
| # |
Apr 24th 2019, 14:31 |
neon1024 |
Perhaps the details are in the documentation? |
| # |
Apr 24th 2019, 14:31 |
neon1024 |
https://book.cakephp.org/3.0/en/controllers/middleware.html#csrf-middleware |
| # |
Apr 24th 2019, 14:30 |
neon1024 |
You could with the component at least, and I bet the middleware has a similar thing |
| # |
Apr 24th 2019, 14:30 |
neon1024 |
You can disable it for certain controller actions if I recall |
| # |
Apr 24th 2019, 14:21 |
charolastra |
i'm trying to POST a JSON. basicly missusing it for a non-web based API where clients just push data |
| # |
Apr 24th 2019, 14:18 |
kaio.schmitt |
:,(:+1::skin-tone-2: |
| # |
Apr 24th 2019, 14:17 |
Martin` |
also i commented it out, I don't see a csrf cookie |
| # |
Apr 24th 2019, 14:17 |
Martin` |
oh yes, I believe it was already there? because I see it in my app too |
| # |
Apr 24th 2019, 14:13 |
charolastra |
saw that mentioned in previous versions. just found it in routes.php but removing it still shows "Missing CSRF token cookie" |
| # |
Apr 24th 2019, 14:11 |
Martin` |
not loaded in application.php ? |
| # |
Apr 24th 2019, 14:09 |
charolastra |
so since 3.7 the CSRF middleware is built in and not even loaded in Application.php? can it be disabled? |
| # |
Apr 24th 2019, 14:01 |
kaio.schmitt |
and instead of articles and comments I have the orders table and using several contains .. when I use this method of subquery it only does the select of the columns of orders and does not bring the rest and still of the error |
| # |
Apr 24th 2019, 13:59 |
slackebot |
<kaio.schmitt> |
| # |
Apr 24th 2019, 13:38 |
kaio.schmitt |
Good morning guys, I'm having a problem using UnionAll and then trying to do a paginate .. I tried to use it in sub query format but I did not succeed I think by the way I use several contains, can someone give me a light? |
| # |
Apr 24th 2019, 13:33 |
neon1024 |
Still not sure why the library needs that to encrypt a field |
| # |
Apr 24th 2019, 13:28 |
neon1024 |
Shame, I liked the EncryptedStringType |
| # |
Apr 24th 2019, 13:28 |
neon1024 |
Guess I’ll use an entity mutator method |
| # |
Apr 24th 2019, 13:11 |
asdfgh |
ok |
| # |
Apr 24th 2019, 12:49 |
neon1024 |
@asdfgh Yes, it should do |
| # |
Apr 24th 2019, 12:49 |
neon1024 |
@admad Oh yeah, I’ve done all that already, this is a library I’m implementing into my table class, but perhaps I can pass data through from the table schema method :slightly_smiling_face: |
| # |
Apr 24th 2019, 12:28 |
asdfgh |
neon1024 is working your proffer plugin with the last 3.7 ? |
| # |
Apr 24th 2019, 12:23 |
narendravaghela |
@neon1024 Yes, I just need it temporary. Command will run as a shell on actual server. |
| # |
Apr 24th 2019, 12:08 |
admad |
@neon1024 you are supposed to just registry the new type class using `Type::map()` and then specify the type for required table using table schema in `Table::_initializeSchema()` |
| # |
Apr 24th 2019, 11:53 |
charolastra |
what happened to the baking from table definitions in the tutorials? |
| # |
Apr 24th 2019, 11:45 |
neon1024 |
As Type classes don’t know the table or field |
| # |
Apr 24th 2019, 11:45 |
slackebot |
<neon1024> |
| # |
Apr 24th 2019, 11:44 |
neon1024 |
`public function __construct( CipherSweet $engine, $tableName = ‘’, $fieldName = ‘’, $useTypedIndexes = false ) ` |
| # |
Apr 24th 2019, 11:44 |
neon1024 |
This is problematic |
| # |
Apr 24th 2019, 11:44 |
neon1024 |
So I’m trying to implement https://github.com/paragonie/ciphersweet/tree/master/docs into a custom data type class |
| # |
Apr 24th 2019, 11:18 |
slackebot |
Action: neon1024 goes back to the corner |
| # |
Apr 24th 2019, 11:18 |
neon1024 |
Oh, for testing. I missed that bit |
| # |
Apr 24th 2019, 11:18 |
neon1024 |
So it would open an attack vector |
| # |
Apr 24th 2019, 11:17 |
neon1024 |
As it’ll execute commands with the same permissions as PHP |
| # |
Apr 24th 2019, 11:17 |
neon1024 |
Isn’t `exec()` dangerous |
| # |
Apr 24th 2019, 11:14 |
narendravaghela |
thanks @admad |