Log message #4184369

# At Username Text
# Apr 24th 2019, 15:02 this.impetus and as a final detail, if anyone's still listening lol, using `curl` on the generated URL now returns literally nothing, since addressed the deprecated functions
# Apr 24th 2019, 14:59 this.impetus enh. fixed the controller to non-deprecated functions. ceases to throw warnings but otherwise unchanged
# Apr 24th 2019, 14:57 this.impetus Is it just the deprecation warnings screwing things up? It's easy enough to update the plugin myself
# Apr 24th 2019, 14:54 this.impetus I am terribly confused by the output of that, and it's jsut the same as I get by pointing a browser at the route directly; http://kleinlab.psychology.dal.ca/klein2/thumb/ZWVkNzM5ZWRlM2Y5ZWI1N2YzNTVkYWZjNGM3ZjBkODRfMGZkMDRiZjRmZTc0NzcxNjgyYzdhYzk0NmIxNGEwNTguanBn is the actual link, nothing there I'm too worried about exposing if you're willing to take a peak?
# Apr 24th 2019, 14:51 this.impetus sec
# Apr 24th 2019, 14:51 neon1024 Try hitting it with `curl`
# Apr 24th 2019, 14:51 this.impetus The latter rings true
# Apr 24th 2019, 14:51 neon1024 Or it could be that the Controller serving the response isn’t setting the correct Content-Type header
# Apr 24th 2019, 14:50 neon1024 Well your issue sounds like it might be a web server issue
# Apr 24th 2019, 14:49 this.impetus hrmm. maybe I'll look into Invervention directly and see if I can spare myself debugging this, ty
# Apr 24th 2019, 14:47 neon1024 Cool, I like Intervention Image anyway :P
# Apr 24th 2019, 14:47 neon1024 Who knows, I’m playing devils advocado, as I’ve not used the Thumber plugin
# Apr 24th 2019, 14:47 neon1024 If it did point to the file the file would be served
# Apr 24th 2019, 14:47 this.impetus thumber *uses* intervention, and is built for cake, which is why I went for it, but you're the second person to suggest that
# Apr 24th 2019, 14:46 this.impetus well I gather that's why thumber uses its own routes; the URL doesn't point to the file directly, a string is generated by the plugin that presumably is translated to the actual filename
# Apr 24th 2019, 14:46 neon1024 Generating thumbnails is actually very easy with something like Intervention Image
# Apr 24th 2019, 14:46 neon1024 Same issue which Glide solved with request side auth
# Apr 24th 2019, 14:45 neon1024 Also, if that url is not secured your server is now open to DDoS attacks by someone hammering that url for different thumbnails
# Apr 24th 2019, 14:45 this.impetus Left out a key detail; when the plugin generates an img element, however, nothing is displayed
# Apr 24th 2019, 14:44 slackebot help me debug the problem on cake's terms
# Apr 24th 2019, 14:44 this.impetus morning cake wizards. I'm using a plugin that's supposed to generate thumbnails for images. It uses its own routes to point a generated URL to said thumbnail. If I plug the generated URL into my browser, it redirects to the thumbnail (after a fashion; it's not loading as an image but rather trying to read the file in as a document). I don't expect anyone to be familiar with the ins and outs of the Thumber plugin but perhaps someone can
# Apr 24th 2019, 14:35 charolastra i've uncommented the ->registerMiddleware('csrf',..) for the whole / scope but still get that InvalidCsrfTokenException
# Apr 24th 2019, 14:32 neon1024 So you wouldn’t enable the middleware in your `/api` prefix for example
# Apr 24th 2019, 14:32 neon1024 So I guess you manage it with routing
# Apr 24th 2019, 14:32 neon1024 :man-shrugging:
# Apr 24th 2019, 14:32 neon1024 > Stateless requests, for e.g. when developing an API, are not affected by CSRF so the middleware does not need to be applied for those URLs.
# Apr 24th 2019, 14:31 neon1024 Perhaps the details are in the documentation?
# Apr 24th 2019, 14:31 neon1024 https://book.cakephp.org/3.0/en/controllers/middleware.html#csrf-middleware
# Apr 24th 2019, 14:30 neon1024 You could with the component at least, and I bet the middleware has a similar thing
# Apr 24th 2019, 14:30 neon1024 You can disable it for certain controller actions if I recall
# Apr 24th 2019, 14:21 charolastra i'm trying to POST a JSON. basicly missusing it for a non-web based API where clients just push data
# Apr 24th 2019, 14:18 kaio.schmitt :,(:+1::skin-tone-2:
# Apr 24th 2019, 14:17 Martin` also i commented it out, I don't see a csrf cookie
# Apr 24th 2019, 14:17 Martin` oh yes, I believe it was already there? because I see it in my app too
# Apr 24th 2019, 14:13 charolastra saw that mentioned in previous versions. just found it in routes.php but removing it still shows "Missing CSRF token cookie"
# Apr 24th 2019, 14:11 Martin` not loaded in application.php ?
# Apr 24th 2019, 14:09 charolastra so since 3.7 the CSRF middleware is built in and not even loaded in Application.php? can it be disabled?
# Apr 24th 2019, 14:01 kaio.schmitt and instead of articles and comments I have the orders table and using several contains .. when I use this method of subquery it only does the select of the columns of orders and does not bring the rest and still of the error
# Apr 24th 2019, 13:59 slackebot <kaio.schmitt>
# Apr 24th 2019, 13:38 kaio.schmitt Good morning guys, I'm having a problem using UnionAll and then trying to do a paginate .. I tried to use it in sub query format but I did not succeed I think by the way I use several contains, can someone give me a light?
# Apr 24th 2019, 13:33 neon1024 Still not sure why the library needs that to encrypt a field