# |
Aug 15th 2019, 14:43 |
martin |
@ndm ok, will try that |
# |
Aug 15th 2019, 14:42 |
ndm |
@neon1024 You're probably not sending the `X-CSRF-Token` header... and the security token is invalid because a) `fields` is supposed to be a hash (see `\Cake\Utility\Security\SecureFieldTokenTrait::_buildFieldToken()`), and `debug` should be an array where the first element is the current URL, the second element an array of fields, and the third element an array of unlocked fields. |
# |
Aug 15th 2019, 14:39 |
neon1024 |
If it takes more than 30 minutes to set up, then it’s not worth using |
# |
Aug 15th 2019, 14:39 |
neon1024 |
Although, I’ll be honest, I am close to removing both of them to solve the problem. |
# |
Aug 15th 2019, 14:38 |
neon1024 |
I added the CsrfProtectionMiddleware and now I can’t log in to my application due to `CSRF token mismatch. Cake\Http\Exception\InvalidCsrfTokenException` so I’m just working to try and find out why that is. Then I can go back to figuring out why my `_Token` used by SecurityComponent is causing a 400 Bad Request on my Ajax :slightly_smiling_face: |
# |
Aug 15th 2019, 14:36 |
neon1024 |
I’ve worked myself into a circle here, and totally lost the plot. Sorry @ndm |
# |
Aug 15th 2019, 14:35 |
ndm |
@neon1024 The debug token contains for example the fields in plain text, it's used by the security component to figure the cause for a token mismatch, so that it can tell you what exactly the problem is. |
# |
Aug 15th 2019, 14:33 |
neon1024 |
This is a nightmare! |
# |
Aug 15th 2019, 14:33 |
neon1024 |
Turning on the Csrf Middleware means I can’t even log in! |
# |
Aug 15th 2019, 14:25 |
neon1024 |
I wish the SecurityComponent was easy to use ,:( |
# |
Aug 15th 2019, 14:25 |
ndm |
@martin Timezone conversion on read is coming in 4.x, you can backport the code to a custom type if you need it. Personally I'd go full UTC as mentioned by @ricksaccous, that makes avoiding pitfalls a lot easier. |
# |
Aug 15th 2019, 14:17 |
neon1024 |
Well at least now I’m getting a 400 Bad Request |
# |
Aug 15th 2019, 14:07 |
neon1024 |
Anyone know what the `_Token[debug]` is supposed to be? |
# |
Aug 15th 2019, 14:06 |
ricksaccous |
but i know that's the general idea |
# |
Aug 15th 2019, 14:05 |
ricksaccous |
I'm actually not sure of the "right" way to do it, heh |
# |
Aug 15th 2019, 14:05 |
ricksaccous |
and when you want to display the time to users you do a bit of handling however you see fit to display it in their timezone |
# |
Aug 15th 2019, 14:04 |
ricksaccous |
@martin generally you set your default timezone to UTC so it will be set to UTC in db |
# |
Aug 15th 2019, 14:02 |
neon1024 |
What a pain in the ass :( |
# |
Aug 15th 2019, 13:57 |
martin |
I see in the “toDatabase” function in type something happens with the timezone. But in the toPhp nothing happens? |
# |
Aug 15th 2019, 13:55 |
martin |
I’ve set my default timezone to Europe/Amsterdam, I’ve added `'timezone' => 'UTC'` to my database config, but when I read an item from the database the timezone of the time is Europe/Amsterdam, so it will not be converted to the Amsterdam time. Am I doing something wrong? |
# |
Aug 15th 2019, 13:53 |
neon1024 |
Perhaps I’ll add it once I learn how to do that |
# |
Aug 15th 2019, 13:53 |
neon1024 |
All it needs is a link with ‘Find out how to generate a token to send as a header’ |
# |
Aug 15th 2019, 13:51 |
neothermic |
(very dry sarcasm) |
# |
Aug 15th 2019, 13:51 |
neothermic |
@neon1024 https://github.com/cakephp/docs/blob/3.0/en/controllers/components/csrf.rst ;) |
# |
Aug 15th 2019, 13:44 |
neon1024 |
No code examples, links or forward user journey ,:( |
# |
Aug 15th 2019, 13:44 |
neon1024 |
Top docs here! https://book.cakephp.org/3.0/en/controllers/components/csrf.html#csrf-protection-and-ajax-requests |
# |
Aug 15th 2019, 13:38 |
maymeow |
in pm because it's long :) |
# |
Aug 15th 2019, 13:34 |
ricksaccous |
can you show me the dump of post before it's saved? |
# |
Aug 15th 2019, 13:34 |
slackebot |
$this->Flash->error(__('The user could not be saved. Please, try again.')); } $roles = $this->Users->Roles->find('list', ['limit' => 200]); $this->set(compact('user', 'roles')); } ``` This function is saving a model with an association. In the request data are fields for the user and address information for it... :slightly_smiling_face: So it's standard and there is no problem but for update?.... |
# |
Aug 15th 2019, 13:34 |
maymeow |
``` public function add() { $user = $this->Users->newEntity(); if ($this->request->is('post')) { $user = $this->Users->patchEntity($user, $this->request->getData()); if ($this->Users->save($user)) { $this->Flash->success(__('The user has been saved.')); return $this->redirect(['controller' => 'addresses', 'action' => 'index']); } |
# |
Aug 15th 2019, 13:29 |
ricksaccous |
interesting |
# |
Aug 15th 2019, 13:26 |
maymeow |
@ricksaccous i tried in dd() and field in_folder is dirty |
# |
Aug 15th 2019, 13:21 |
ricksaccous |
you should prob make sure that post_metadata is marked as dirty @maymeow |
# |
Aug 15th 2019, 13:20 |
greenmanspirit |
Hello, I am trying to find a way to use the table policy in the Authorization plugin to limit all finds, not just a scope on a particular action, is that possible? |
# |
Aug 15th 2019, 13:20 |
ricksaccous |
also |
# |
Aug 15th 2019, 13:19 |
ricksaccous |
also make sure you are setting the appropriate property values corresponding to the other models in the entity |
# |
Aug 15th 2019, 13:19 |
ricksaccous |
save($post, ['associated' => 'PostMetaDatas.InFolders']) or whatever your models are called |
# |
Aug 15th 2019, 13:18 |
ricksaccous |
actually that's prob what you need to do |