# |
Jul 16th 2019, 17:26 |
devito |
are you using any implementation of oauth2? Cause you can leverage the Client grant flow for this. |
# |
Jul 16th 2019, 17:24 |
devito |
ahh |
# |
Jul 16th 2019, 17:23 |
maxxstyle06 |
Yes |
# |
Jul 16th 2019, 17:23 |
itmpls |
so you control both domains? |
# |
Jul 16th 2019, 17:23 |
maxxstyle06 |
To my main domain which uses cakephp |
# |
Jul 16th 2019, 17:23 |
maxxstyle06 |
That is not using cakephp |
# |
Jul 16th 2019, 17:23 |
maxxstyle06 |
I’m trying to send external data from external url |
# |
Jul 16th 2019, 17:22 |
maxxstyle06 |
Sorry for late |
# |
Jul 16th 2019, 17:13 |
itmpls |
i think you might be overthinking it |
# |
Jul 16th 2019, 17:13 |
devito |
what exactly are you trying to secure max? |
# |
Jul 16th 2019, 17:13 |
itmpls |
that's how a lot of external calls are done though, on lots of sites you use.. through ajax. it's just an in-page http request |
# |
Jul 16th 2019, 17:12 |
maxxstyle06 |
Because ajax shows all datas in browser |
# |
Jul 16th 2019, 17:12 |
ricksaccous |
i'm actually probably not really qualified to help because my experience writing APIs is minimal and each time i made it very simplistic |
# |
Jul 16th 2019, 17:12 |
maxxstyle06 |
But I’m afraid that ajax will show it |
# |
Jul 16th 2019, 17:11 |
maxxstyle06 |
People suggested me jwt |
# |
Jul 16th 2019, 17:11 |
ricksaccous |
lol |
# |
Jul 16th 2019, 17:11 |
ricksaccous |
no i dunno |
# |
Jul 16th 2019, 17:11 |
maxxstyle06 |
Modicrumb do you have an idea ? |
# |
Jul 16th 2019, 17:11 |
maxxstyle06 |
Yes but it’s ajax for same domain not verify external urls |
# |
Jul 16th 2019, 17:11 |
ricksaccous |
i think you can use tokens to verify whatever, doesn't have to be login |
# |
Jul 16th 2019, 17:10 |
devito |
doesnt the cookbook have a way to post tokens via ajax? Could have sworn i seen that in there. Maybe you can leverage that? |
# |
Jul 16th 2019, 17:10 |
maxxstyle06 |
My api doesnt need login |
# |
Jul 16th 2019, 17:10 |
maxxstyle06 |
Yes but isn’t token just for login? |
# |
Jul 16th 2019, 17:10 |
ricksaccous |
i dunno |
# |
Jul 16th 2019, 17:10 |
ricksaccous |
create some token and send it over? verify it on the other side? |
# |
Jul 16th 2019, 17:09 |
maxxstyle06 |
Now I’m trying to find for alternatives for those components |
# |
Jul 16th 2019, 17:09 |
maxxstyle06 |
People will cheat |
# |
Jul 16th 2019, 17:08 |
maxxstyle06 |
But it’s not secure you know |
# |
Jul 16th 2019, 17:08 |
maxxstyle06 |
yes now I disabled components for that |
# |
Jul 16th 2019, 17:08 |
ricksaccous |
disable the components for that action? |
# |
Jul 16th 2019, 17:08 |
maxxstyle06 |
But I failed! For the first time ! |
# |
Jul 16th 2019, 17:08 |
maxxstyle06 |
This error drove me crazy :( I have been searching more than 1 month for solution |
# |
Jul 16th 2019, 17:06 |
maxxstyle06 |
they are hard to deal with when trying to send external post request to domain |
# |
Jul 16th 2019, 17:05 |
maxxstyle06 |
No it’s because of security + csrf components |
# |
Jul 16th 2019, 16:57 |
itmpls |
you'd have to whitelist that domain or use JSONP or other possible solutions |
# |
Jul 16th 2019, 16:57 |
itmpls |
XSS? |
# |
Jul 16th 2019, 16:57 |
itmpls |
'blackholed' |
# |
Jul 16th 2019, 16:54 |
maxxstyle06 |
hello please I have a problem in cakephp , so I want to send ajax post from an external website , but it keeps giving me the request has been blackholed. please I have been searching for more than 1 month to find solution for it but with no success. thanks in advance |
# |
Jul 16th 2019, 16:45 |
maxxstyle06 |
I’m new here! |
# |
Jul 16th 2019, 16:45 |
maxxstyle06 |
Hello everyone |
# |
Jul 16th 2019, 15:32 |
ricksaccous |
as long as you let it try to save even if you ->getErrors you should be fine |