Log message #4198376

# At Username Text
# Aug 15th 2019, 14:50 neon1024 ..and I don’t have that setup either
# Aug 15th 2019, 14:50 martin hmm csrfcomponent had cookies that were readable by javascript I believe :P
# Aug 15th 2019, 14:50 neon1024 Which says to use the Middleware
# Aug 15th 2019, 14:50 ndm @neon1024 https://book.cakephp.org/3.0/en/controllers/components/csrf.html#using-the-csrfcomponent ;)
# Aug 15th 2019, 14:49 neon1024 ..and I don’t have the Csrf middleware
# Aug 15th 2019, 14:49 neon1024 I wasn’t using Javascript to read the cookie
# Aug 15th 2019, 14:49 martin you need to turn it on by the middleware
# Aug 15th 2019, 14:49 martin by default the cookie of csrf is not readable by javascript
# Aug 15th 2019, 14:49 neon1024 ..but that doesn’t work, so yeah, I’ll give it a try, thanks!
# Aug 15th 2019, 14:48 neon1024 @ndm The documentation said to use the cookie
# Aug 15th 2019, 14:48 ndm On the first request there would be no cookie
# Aug 15th 2019, 14:48 ndm @neon1024 Also you should better read the CSRF token from the request parameters, like `$this->getRequest()->getParam('_csrfToken')`
# Aug 15th 2019, 14:46 martin @ndm / @ricksaccous problem is that most of the tables that I use (old ones) are in Europe/Amsterdam, but this database uses UTC so I wanted to set the single database to utc :P
# Aug 15th 2019, 14:45 ndm `_Token[fields]` still wrong... or copy pasta error
# Aug 15th 2019, 14:45 neon1024 ..because `[]` !== `''` ?
# Aug 15th 2019, 14:44 slackebot <neon1024>
# Aug 15th 2019, 14:44 neon1024 Yep, I’ve done that
# Aug 15th 2019, 14:43 ndm @neon1024 See `\Cake\View\Helper\FormHelper::secure()` also.
# Aug 15th 2019, 14:43 martin @ndm ok, will try that
# Aug 15th 2019, 14:42 ndm @neon1024 You're probably not sending the `X-CSRF-Token` header... and the security token is invalid because a) `fields` is supposed to be a hash (see `\Cake\Utility\Security\SecureFieldTokenTrait::_buildFieldToken()`), and `debug` should be an array where the first element is the current URL, the second element an array of fields, and the third element an array of unlocked fields.
# Aug 15th 2019, 14:39 neon1024 If it takes more than 30 minutes to set up, then it’s not worth using
# Aug 15th 2019, 14:39 neon1024 Although, I’ll be honest, I am close to removing both of them to solve the problem.
# Aug 15th 2019, 14:38 neon1024 I added the CsrfProtectionMiddleware and now I can’t login to my application due to `CSRF token mismatch. Cake\Http\Exception\InvalidCsrfTokenException` so I’m just working to try and find out why that is. Then I can go back to figuring out why my `_Token` used by SecurityComponent is causing a 400 Bad Request on my Ajax :slightly_smiling_face:
# Aug 15th 2019, 14:36 neon1024 I’ve worked myself into a circle here, and totally lost the plot. Sorry @ndm
# Aug 15th 2019, 14:35 ndm @neon1024 The debug token contains for example the fields in plain text, it's used by the security component to figure the cause for a token mismatch, so that it can tell you what exactly the problem is.
# Aug 15th 2019, 14:33 neon1024 This is a nightmare!
# Aug 15th 2019, 14:33 neon1024 Turning on the Csrf Middleware means I can’t even login!
# Aug 15th 2019, 14:25 neon1024 I wish the SecurityComponent was easy to use :(
# Aug 15th 2019, 14:25 ndm @martin Timezone conversion on read is coming in 4.x, you can backport the code to a custom type if you need it. Personally I'd go full UTC as mentioned by @ricksaccous, that makes avoiding pitfalls a lot easier.
# Aug 15th 2019, 14:17 neon1024 Well at least now I’m getting a 400 Bad Request
# Aug 15th 2019, 14:08 slackebot <neon1024>
# Aug 15th 2019, 14:07 neon1024 Anyone know what the `_Token[debug]` is supposed to be?
# Aug 15th 2019, 14:06 ricksaccous but i know that's the general idea
# Aug 15th 2019, 14:05 ricksaccous I'm actually not sure of the "right" way to do it, heh
# Aug 15th 2019, 14:05 ricksaccous and when you want to display the time to users you do a bit of handling however you see fit to display it in their timezone
# Aug 15th 2019, 14:04 ricksaccous @martin generally you set your default timezone to UTC so it will be set to UTC in db
# Aug 15th 2019, 14:02 neon1024 What a pain in the ass :(
# Aug 15th 2019, 13:57 martin I see in the “toDatabase” function in type something happens with the timezone. But in the toPhp nothing happens?
# Aug 15th 2019, 13:55 martin I’ve set my default timezone to Europe/Amsterdam, I’ve added `'timezone' => 'UTC'` to my database config, but when I read an item from the database the timezone of the time is Europe/Amsterdam, so it will not be converted to the Amsterdam time. Am I doing something wrong?
# Aug 15th 2019, 13:53 neon1024 Perhaps I’ll add it once I learn how to do that
# Aug 15th 2019, 13:53 neon1024 All it needs is a link with ‘Find out how to generate a token to send as a header’