# |
Aug 15th 2019, 15:04 |
ricksaccous |
you were ridiculed at a conference for using cake? |
# |
Aug 15th 2019, 15:04 |
ricksaccous |
lol |
# |
Aug 15th 2019, 15:04 |
neon1024 |
It’s horrible and it’s choices like that which drive that opinion |
# |
Aug 15th 2019, 15:04 |
neon1024 |
If you’ve ever been personally ridiculed at a conference for using CakePHP you’ll know what I mean |
# |
Aug 15th 2019, 15:03 |
neon1024 |
Which I’d love to dispel, but I just can’t |
# |
Aug 15th 2019, 15:03 |
neon1024 |
Plus the whole magic thing is an age old critisim of Cake generally |
# |
Aug 15th 2019, 15:03 |
ricksaccous |
i'm just pulling your leg |
# |
Aug 15th 2019, 15:03 |
neon1024 |
Putting middleware in the routes when the other middleware is in Application.php is misleading |
# |
Aug 15th 2019, 15:03 |
neon1024 |
I want ease of installation with an api which is descriptive |
# |
Aug 15th 2019, 15:03 |
neon1024 |
I don’t want ease of use |
# |
Aug 15th 2019, 15:02 |
ricksaccous |
> wants ease of use >dislikes magic hmmmm |
# |
Aug 15th 2019, 15:02 |
neon1024 |
Would not _Token again |
# |
Aug 15th 2019, 15:02 |
neon1024 |
Needs work C- |
# |
Aug 15th 2019, 15:02 |
neon1024 |
If I can’t get it to work in a few hours, then, to me, it’s not worth using |
# |
Aug 15th 2019, 15:01 |
neon1024 |
It’s clearly not easy enough to use yet |
# |
Aug 15th 2019, 15:01 |
neon1024 |
I think I’m going to cut my losses and turn off the csrf |
# |
Aug 15th 2019, 14:59 |
ricksaccous |
oh supreme wizard guide cake to magical glory |
# |
Aug 15th 2019, 14:57 |
neon1024 |
We’re supposed to be getting rid of the magic |
# |
Aug 15th 2019, 14:57 |
neon1024 |
I do not like this. |
# |
Aug 15th 2019, 14:57 |
neon1024 |
There was me lookin the Application.php and the Princess was in the other castle :face_palm: |
# |
Aug 15th 2019, 14:57 |
ndm |
:upside_down_face: |
# |
Aug 15th 2019, 14:56 |
neon1024 |
..and they say Cake is full of Magic! |
# |
Aug 15th 2019, 14:56 |
neon1024 |
Surprise middleware |
# |
Aug 15th 2019, 14:56 |
neon1024 |
Ah it’s in routes, and not in Application with the other Middleware! |
# |
Aug 15th 2019, 14:55 |
ndm |
It doesn't... it couldn't if it wanted to, as the middleware has already run when the controller layer is reached. Look into your routes. |
# |
Aug 15th 2019, 14:55 |
neon1024 |
I’ve cleared my app cache too! |
# |
Aug 15th 2019, 14:55 |
slackebot |
<neon1024> |
# |
Aug 15th 2019, 14:55 |
slackebot |
<neon1024> |
# |
Aug 15th 2019, 14:54 |
neon1024 |
It seems that the SecurityComponent adds the CsrfMiddleware for you |
# |
Aug 15th 2019, 14:54 |
ndm |
No, `FormHelper::secure()` generates the security component token `_Token`. The CSRF token is unrelated. |
# |
Aug 15th 2019, 14:53 |
neon1024 |
I’ll continue to dig around and see what happens :slightly_smiling_face: |
# |
Aug 15th 2019, 14:53 |
neon1024 |
So that’s progress on where I was |
# |
Aug 15th 2019, 14:53 |
neon1024 |
Submitting that as the `_Token[fields]` just gives a Csrf mismatch exception |
# |
Aug 15th 2019, 14:53 |
neon1024 |
So FormHelper::secure() generates the token into the hidden input `_csrfToken` |
# |
Aug 15th 2019, 14:51 |
ndm |
I was more pointing to the `getParam()` example ;) |
# |
Aug 15th 2019, 14:50 |
neon1024 |
Which is why I feel so lost |
# |
Aug 15th 2019, 14:50 |
neon1024 |
This is all just SecurityComponent |
# |
Aug 15th 2019, 14:50 |
neon1024 |
..and I don’t have that setup either |
# |
Aug 15th 2019, 14:50 |
martin |
hmm csrfcompontent had cookies that were readable by javascript I believe :P |
# |
Aug 15th 2019, 14:50 |
neon1024 |
Which says to use the Middleware |
# |
Aug 15th 2019, 14:50 |
ndm |
@neon1024 https://book.cakephp.org/3.0/en/controllers/components/csrf.html#using-the-csrfcomponent ;) |