# |
Aug 15th 2019, 15:02 |
neon1024 |
If I can’t get it to work in a few hours, then, to me, it’s not worth using |
# |
Aug 15th 2019, 15:01 |
neon1024 |
It’s clearly not easy enough to use yet |
# |
Aug 15th 2019, 15:01 |
neon1024 |
I think I’m going to cut my losses and turn off the CSRF
# |
Aug 15th 2019, 14:59 |
ricksaccous |
oh supreme wizard guide cake to magical glory |
# |
Aug 15th 2019, 14:57 |
neon1024 |
We’re supposed to be getting rid of the magic |
# |
Aug 15th 2019, 14:57 |
neon1024 |
I do not like this. |
# |
Aug 15th 2019, 14:57 |
neon1024 |
There was me looking in the Application.php and the Princess was in the other castle :face_palm:
# |
Aug 15th 2019, 14:57 |
ndm |
:upside_down_face: |
# |
Aug 15th 2019, 14:56 |
neon1024 |
..and they say Cake is full of Magic! |
# |
Aug 15th 2019, 14:56 |
neon1024 |
Surprise middleware |
# |
Aug 15th 2019, 14:56 |
neon1024 |
Ah it’s in routes, and not in Application with the other Middleware! |
# |
Aug 15th 2019, 14:55 |
ndm |
It doesn't... it couldn't if it wanted to, as the middleware has already run when the controller layer is reached. Look into your routes. |
# |
Aug 15th 2019, 14:55 |
neon1024 |
I’ve cleared my app cache too! |
# |
Aug 15th 2019, 14:55 |
slackebot |
<neon1024> |
# |
Aug 15th 2019, 14:55 |
slackebot |
<neon1024> |
# |
Aug 15th 2019, 14:54 |
neon1024 |
It seems that the SecurityComponent adds the CsrfMiddleware for you |
# |
Aug 15th 2019, 14:54 |
ndm |
No, `FormHelper::secure()` generates the security component token `_Token`. The CSRF token is unrelated. |
# |
Aug 15th 2019, 14:53 |
neon1024 |
I’ll continue to dig around and see what happens :slightly_smiling_face: |
# |
Aug 15th 2019, 14:53 |
neon1024 |
So that’s progress on where I was |
# |
Aug 15th 2019, 14:53 |
neon1024 |
Submitting that as the `_Token[fields]` just gives a Csrf mismatch exception |
# |
Aug 15th 2019, 14:53 |
neon1024 |
So FormHelper::secure() generates the token into the hidden input `_csrfToken` |
# |
Aug 15th 2019, 14:51 |
ndm |
I was more pointing to the `getParam()` example ;) |
# |
Aug 15th 2019, 14:50 |
neon1024 |
Which is why I feel so lost |
# |
Aug 15th 2019, 14:50 |
neon1024 |
This is all just SecurityComponent |
# |
Aug 15th 2019, 14:50 |
neon1024 |
..and I don’t have that set up either
# |
Aug 15th 2019, 14:50 |
martin |
hmm CsrfComponent had cookies that were readable by JavaScript I believe :P
# |
Aug 15th 2019, 14:50 |
neon1024 |
Which says to use the Middleware |
# |
Aug 15th 2019, 14:50 |
ndm |
@neon1024 https://book.cakephp.org/3.0/en/controllers/components/csrf.html#using-the-csrfcomponent ;) |
# |
Aug 15th 2019, 14:49 |
neon1024 |
..and I don’t have the Csrf middleware |
# |
Aug 15th 2019, 14:49 |
neon1024 |
I wasn’t using Javascript to read the cookie |
# |
Aug 15th 2019, 14:49 |
martin |
you need to turn it on by the middleware |
# |
Aug 15th 2019, 14:49 |
martin |
by default the CSRF cookie is not readable by JavaScript
# |
Aug 15th 2019, 14:49 |
neon1024 |
..but that doesn’t work, so yeah, I’ll give it a try, thanks! |
# |
Aug 15th 2019, 14:48 |
neon1024 |
@ndm The documentation said to use the cookie |
# |
Aug 15th 2019, 14:48 |
ndm |
On the first request there would be no cookie |
# |
Aug 15th 2019, 14:48 |
ndm |
@neon1024 Also you should better read the CSRF token from the request parameters, like `$this->getRequest()->getParam('_csrfToken')`
# |
Aug 15th 2019, 14:46 |
martin |
@ndm / @ricksaccous problem is that most of the tables that I use (old ones) are in Europe/Amsterdam, but this database uses UTC, so I wanted to set the single database to UTC :P
# |
Aug 15th 2019, 14:45 |
ndm |
`_Token[fields]` still wrong... or copy pasta error |
# |
Aug 15th 2019, 14:45 |
neon1024 |
..because `[]` !== `''` ? |
# |
Aug 15th 2019, 14:44 |
slackebot |
<neon1024> |
# |
Aug 15th 2019, 14:44 |
neon1024 |
Yep, I’ve done that |