Log message #4198400

# At Username Text
# Aug 15th 2019, 15:02 neon1024 If I can’t get it to work in a few hours, then, to me, it’s not worth using
# Aug 15th 2019, 15:01 neon1024 It’s clearly not easy enough to use yet
# Aug 15th 2019, 15:01 neon1024 I think I’m going to cut my losses and turn off the csrf
# Aug 15th 2019, 14:59 ricksaccous oh supreme wizard guide cake to magical glory
# Aug 15th 2019, 14:57 neon1024 We’re supposed to be getting rid of the magic
# Aug 15th 2019, 14:57 neon1024 I do not like this.
# Aug 15th 2019, 14:57 neon1024 There was me lookin the Application.php and the Princess was in the other castle :face_palm:
# Aug 15th 2019, 14:57 ndm :upside_down_face:
# Aug 15th 2019, 14:56 neon1024 ..and they say Cake is full of Magic!
# Aug 15th 2019, 14:56 neon1024 Surprise middleware
# Aug 15th 2019, 14:56 neon1024 Ah it’s in routes, and not in Application with the other Middleware!
# Aug 15th 2019, 14:55 ndm It doesn't... it couldn't if it wanted to, as the middleware has already run when the controller layer is reached. Look into your routes.
# Aug 15th 2019, 14:55 neon1024 I’ve cleared my app cache too!
# Aug 15th 2019, 14:55 slackebot <neon1024>
# Aug 15th 2019, 14:55 slackebot <neon1024>
# Aug 15th 2019, 14:54 neon1024 It seems that the SecurityComponent adds the CsrfMiddleware for you
# Aug 15th 2019, 14:54 ndm No, `FormHelper::secure()` generates the security component token `_Token`. The CSRF token is unrelated.
# Aug 15th 2019, 14:53 neon1024 I’ll continue to dig around and see what happens :slightly_smiling_face:
# Aug 15th 2019, 14:53 neon1024 So that’s progress on where I was
# Aug 15th 2019, 14:53 neon1024 Submitting that as the `_Token[fields]` just gives a Csrf mismatch exception
# Aug 15th 2019, 14:53 neon1024 So FormHelper::secure() generates the token into the hidden input `_csrfToken`
# Aug 15th 2019, 14:51 ndm I was more pointing to the `getParam()` example ;)
# Aug 15th 2019, 14:50 neon1024 Which is why I feel so lost
# Aug 15th 2019, 14:50 neon1024 This is all just SecurityComponent
# Aug 15th 2019, 14:50 neon1024 ..and I don’t have that setup either
# Aug 15th 2019, 14:50 martin hmm csrfcompontent had cookies that were readable by javascript I believe :P
# Aug 15th 2019, 14:50 neon1024 Which says to use the Middleware
# Aug 15th 2019, 14:50 ndm @neon1024 https://book.cakephp.org/3.0/en/controllers/components/csrf.html#using-the-csrfcomponent ;)
# Aug 15th 2019, 14:49 neon1024 ..and I don’t have the Csrf middleware
# Aug 15th 2019, 14:49 neon1024 I wasn’t using Javascript to read the cookie
# Aug 15th 2019, 14:49 martin you need to turn it on by the middleware
# Aug 15th 2019, 14:49 martin by default the cookie of crsf is not readable by javascript
# Aug 15th 2019, 14:49 neon1024 ..but that doesn’t work, so yeah, I’ll give it a try, thanks!
# Aug 15th 2019, 14:48 neon1024 @ndm The documentation said to use the cookie
# Aug 15th 2019, 14:48 ndm On the first request there would be no cookie
# Aug 15th 2019, 14:48 ndm @neon1024 Also you should better read the CSRF token from the request parameters, like `$this->getRequest->getParam('_csrfToken')`
# Aug 15th 2019, 14:46 martin @ndm / @ricksaccous problem is that most of tables that I use (old ones) are in Europe/Amsterdam, but this database uses in UTC so wanted to set the single database to utc :P
# Aug 15th 2019, 14:45 ndm `_Token[fields]` still wrong... or copy pasta error
# Aug 15th 2019, 14:45 neon1024 ..because `[]` !== `''` ?
# Aug 15th 2019, 14:44 slackebot <neon1024>
# Aug 15th 2019, 14:44 neon1024 Yep, I’ve done that