| # |
Jul 12th 2019, 12:11 |
 noel |
@igreat POST still gives CSRF error on both `https://mnr-be:8890/devices.json` and `https://mnr-be:8890/devices/add.json` |
| # |
Jul 12th 2019, 12:10 |
igreat |
Also check the POST for same request url |
| # |
Jul 12th 2019, 12:09 |
igreat |
Good |
| # |
Jul 12th 2019, 12:09 |
noel |
@igreat ok that works for the GET now with the router prefix |
| # |
Jul 12th 2019, 12:07 |
igreat |
So try this request with GET https://app.test:8890/api/devices.json |
| # |
Jul 12th 2019, 12:04 |
noel |
And sending a `POST` still complains about the missing CSRF cookie. |
| # |
Jul 12th 2019, 12:01 |
noel |
@igreat looks like it requires a different folder structure (and adjusted namespace) for DevicesController and templates when using the `api` prefix. I've done this but now I'm getting: `Error: A route matching "array ( 'action' => 'add', 'prefix' => 'api', 'plugin' => NULL, 'controller' => 'Devices', '_ext' => NULL, )" could not be found.` |
| # |
Jul 12th 2019, 12:00 |
noel |
@admad cool tx. Trying to disable CSRF protection and failing... all the above are attempts at this. |
| # |
Jul 12th 2019, 11:57 |
admad |
stateless APIs don't need CSRF protection |
| # |
Jul 12th 2019, 11:53 |
noel |
`https://app.test:8890/api/devices/index.json` |
| # |
Jul 12th 2019, 11:53 |
igreat |
What is your request like @noel? |
| # |
Jul 12th 2019, 11:50 |
noel |
I've tried the routing prefix now but I still get the `Error: ApiController could not be found.` message. |
| # |
Jul 12th 2019, 11:49 |
noel |
I'm also confused because it sounded like your initial suggestion was to disable CSRF, which as I understand it is a controller event, but then you were talking about applying that as router middleware. |
| # |
Jul 12th 2019, 11:49 |
igreat |
If you are not accessing a resource route or if you did not make `DevicesController` a resource route that error could occur |
| # |
Jul 12th 2019, 11:47 |
igreat |
But this should give a fix or a direction to what I suggest http://www.bravo-kernel.com/2015/04/how-to-prefix-route-a-cakephp-3-rest-api/ |
| # |
Jul 12th 2019, 11:46 |
noel |
Also I don't understand why we would want an ApiController – since the actions are controlled by the Devices controller. I would have expected that the routing should direct to this controller for the `/api/devices/` route. |
| # |
Jul 12th 2019, 11:46 |
igreat |
At the time of making the tutorial, I think middleware has not implemented the it is now, hence that part was not included |
| # |
Jul 12th 2019, 11:43 |
igreat |
Let me see |
| # |
Jul 12th 2019, 11:42 |
igreat |
Ok |
| # |
Jul 12th 2019, 11:34 |
noel |
@igreat no I don't have an ApiController. I'm following this tutorial: http://www.bravo-kernel.com/2015/04/how-to-build-a-cakephp-3-rest-api-in-minutes/ but it doesn't seem to work – they don't mention CORS issues, nor do they mention adding an `api` route nor ApiController. |
| # |
Jul 12th 2019, 11:33 |
igreat |
@noel but you have ApiController? |
| # |
Jul 12th 2019, 11:32 |
igreat |
You should see that somewhere around line 50 and 58 of your routes.php file |
| # |
Jul 12th 2019, 11:28 |
noel |
@igreat oh. Ok but when I do that it says: "ApiController could not be found" |
| # |
Jul 12th 2019, 11:27 |
igreat |
Oooh, so not to use the CSRF middleware which is registered and applied in the `Router::scope('/', function (RouteBuilder $routes)` |
| # |
Jul 12th 2019, 11:25 |
noel |
@igreat which I would want to do because... ? |
| # |
Jul 12th 2019, 11:25 |
igreat |
In your routes.php file you can make a diff `Router::scope()` function outside the `Router::scope('/', function (RouteBuilder $routes)` |
| # |
Jul 12th 2019, 11:20 |
noel |
@igreat umm.. not sure what to do with the snippet you've shown. |
| # |
Jul 12th 2019, 11:17 |
igreat |
@noel Ok, I need to do it with 3.7 |
| # |
Jul 12th 2019, 11:15 |
slackebot |
<igreat> |
| # |
Jul 12th 2019, 11:13 |
noel |
@igreat although that was back in 2.x, so maybe it has changed. There was `./Console/cake AclExtras.AclExtras aco_sync` |
| # |
Jul 12th 2019, 11:11 |
noel |
@igreat I've done ACL before (quite a while ago). There's some CLI stuff to help you manage it iirc |
| # |
Jul 12th 2019, 11:10 |
noel |
@igreat disabling CSRF as per those links doesn't seem to help. I assume that snippet is for the controller? (You said routes). |
| # |
Jul 12th 2019, 11:10 |
igreat |
Guys I want to create an ACL in project using the Authorization and Authentication plugins, any headway on how to go about it? |
| # |
Jul 12th 2019, 11:06 |
neon1024 |
As you know the expected outcome |
| # |
Jul 12th 2019, 11:06 |
neon1024 |
I would probably start with TDD |
| # |
Jul 12th 2019, 11:05 |
half2me |
anyway, maybe I’ll just try to write some simple logic |
| # |
Jul 12th 2019, 11:05 |
half2me |
but I would need it to just cover basic hasOne and hasMany cases |
| # |
Jul 12th 2019, 11:05 |
half2me |
I know with complex scenarios it can get out of hand |
| # |
Jul 12th 2019, 11:05 |
half2me |
and it would take care of updating them |
| # |
Jul 12th 2019, 11:05 |
neon1024 |
I didn’t bother in the end, it was too complicated |
| # |
Jul 12th 2019, 11:04 |
half2me |
yeah, I was thinking of just a simple merger, where you could tell it what associations to look at |