| # |
Apr 24th 2019, 14:59 |
 this.impetus |
enh. fixed the controller to non-deprecated functions. ceases to throw warnings but otherwise unchanged |
| # |
Apr 24th 2019, 14:57 |
this.impetus |
Is it just the deprecation warnings screwing things up? It's easy enough to update the plugin myself |
| # |
Apr 24th 2019, 14:54 |
this.impetus |
I am terribly confused by the output of that, and it's jsut the same as I get by pointing a browser at the route directly; http://kleinlab.psychology.dal.ca/klein2/thumb/ZWVkNzM5ZWRlM2Y5ZWI1N2YzNTVkYWZjNGM3ZjBkODRfMGZkMDRiZjRmZTc0NzcxNjgyYzdhYzk0NmIxNGEwNTguanBn is the actual link, nothing there I'm too worried about exposing if you're willing to take a peak? |
| # |
Apr 24th 2019, 14:51 |
this.impetus |
sec |
| # |
Apr 24th 2019, 14:51 |
neon1024 |
Try hitting it with `curl` |
| # |
Apr 24th 2019, 14:51 |
this.impetus |
The latter rings true |
| # |
Apr 24th 2019, 14:51 |
neon1024 |
Or it could be that the Controller serving the response isn’t setting the correct Content-Type header |
| # |
Apr 24th 2019, 14:50 |
neon1024 |
Well your issue sounds like it might be a web server issue |
| # |
Apr 24th 2019, 14:49 |
this.impetus |
hrmm. maybe I'll look into Invervention directly and see if I can spare myself debugging this, ty |
| # |
Apr 24th 2019, 14:47 |
neon1024 |
Cool, I like Intervention Image anyway :P |
| # |
Apr 24th 2019, 14:47 |
neon1024 |
Who knows, I’m playing devils advocado, as I’ve not used the Thumber plugin |
| # |
Apr 24th 2019, 14:47 |
neon1024 |
If it did point to the file the file would be served |
| # |
Apr 24th 2019, 14:47 |
this.impetus |
thumber *uses* intervention, and is built for cake, which is why I went for it, but you're the second person to suggest that |
| # |
Apr 24th 2019, 14:46 |
this.impetus |
well I gather that's why thumber uses its own routes; the URL doesn't point to the file directly, a string is generated by the plugin that presumably is translated to the actual filename |
| # |
Apr 24th 2019, 14:46 |
neon1024 |
Generating thumbnails is actually very easy with something like Intervention Image |
| # |
Apr 24th 2019, 14:46 |
neon1024 |
Same issue which Glide solved with request side auth |
| # |
Apr 24th 2019, 14:45 |
neon1024 |
Also, if that url is not secured your server is now open to DDoS attacks by someone hammering that url for different thumbnails |
| # |
Apr 24th 2019, 14:45 |
this.impetus |
Left out a key detail; when the plugin generates an img element, however, nothing is displayed |
| # |
Apr 24th 2019, 14:44 |
slackebot |
help me debug the problem on cake's terms |
| # |
Apr 24th 2019, 14:44 |
this.impetus |
morning cake wizards. I'm using a plugin that's supposed to generate thumbnails for images. It uses its own routes to point a generated URL to said thumbnail. If I plug the generated URL into my browser, it redirects to the thumbnail (after a fashion; it's not loading as an image but rather trying to read the file in as a document). I don't expect anyone to be familiar with the ins and outs of the Thumber plugin but perhaps someone can |
| # |
Apr 24th 2019, 14:35 |
charolastra |
i've uncommented the ->registerMiddleware('csrf',..) for the whole / scope but still get that InvalidCsrfTokenException |
| # |
Apr 24th 2019, 14:32 |
neon1024 |
So you wouldn’t enable the middleware in your `/api` prefix for example |
| # |
Apr 24th 2019, 14:32 |
neon1024 |
So I guess you manage it with routing |
| # |
Apr 24th 2019, 14:32 |
neon1024 |
:man-shrugging: |
| # |
Apr 24th 2019, 14:32 |
neon1024 |
> Stateless requests, for e.g. when developing an API, are not affected by CSRF so the middleware does not need to be applied for those URLs. |
| # |
Apr 24th 2019, 14:31 |
neon1024 |
Perhaps the details are in the documentation? |
| # |
Apr 24th 2019, 14:31 |
neon1024 |
https://book.cakephp.org/3.0/en/controllers/middleware.html#csrf-middleware |
| # |
Apr 24th 2019, 14:30 |
neon1024 |
You could with the component at least, and I bet the middleware has a similar thing |
| # |
Apr 24th 2019, 14:30 |
neon1024 |
You can disable it for certain controller actions if I recall |
| # |
Apr 24th 2019, 14:21 |
charolastra |
i'm trying to POST a JSON. basicly missusing it for a non-web based API where clients just push data |
| # |
Apr 24th 2019, 14:18 |
kaio.schmitt |
:,(:+1::skin-tone-2: |
| # |
Apr 24th 2019, 14:17 |
Martin` |
also i commented it out, I don't see a csrf cookie |
| # |
Apr 24th 2019, 14:17 |
Martin` |
oh yes, I believe it was already there? because I see it in my app too |
| # |
Apr 24th 2019, 14:13 |
charolastra |
saw that mentioned in previous versions. just found it in routes.php but removing it still shows "Missing CSRF token cookie" |
| # |
Apr 24th 2019, 14:11 |
Martin` |
not loaded in application.php ? |
| # |
Apr 24th 2019, 14:09 |
charolastra |
so since 3.7 the CSRF middleware is built in and not even loaded in Application.php? can it be disabled? |
| # |
Apr 24th 2019, 14:01 |
kaio.schmitt |
and instead of articles and comments I have the orders table and using several contains .. when I use this method of subquery it only does the select of the columns of orders and does not bring the rest and still of the error |
| # |
Apr 24th 2019, 13:59 |
slackebot |
<kaio.schmitt> |
| # |
Apr 24th 2019, 13:38 |
kaio.schmitt |
Good morning guys, I'm having a problem using UnionAll and then trying to do a paginate .. I tried to use it in sub query format but I did not succeed I think by the way I use several contains, can someone give me a light? |
| # |
Apr 24th 2019, 13:33 |
neon1024 |
Still not sure why the library needs that to encrypt a field |
| # |
Apr 24th 2019, 13:28 |
neon1024 |
Shame, I liked the EncryptedStringType |