# |
Aug 22nd 2019, 09:56 |
challgren |
`The CsrfProtectionMiddleware integrates seamlessly with FormHelper. Each time you create a form with FormHelper, it will insert a hidden field containing the CSRF token.` |
# |
Aug 22nd 2019, 09:56 |
ndm |
from the security component |
# |
Aug 22nd 2019, 09:56 |
ndm |
That's the security token |
# |
Aug 22nd 2019, 09:56 |
challgren |
Yeah |
# |
Aug 22nd 2019, 09:55 |
neon1024 |
@ndm Oh really? I thought it was a hash of the form fields? |
# |
Aug 22nd 2019, 09:55 |
neon1024 |
Although if this was true, I could easily get the cookie in JS |
# |
Aug 22nd 2019, 09:55 |
ndm |
CSRF protection doesn't care about your form content. |
# |
Aug 22nd 2019, 09:55 |
neon1024 |
> The CSRF Token can be obtained via the Cookie csrfToken. |
# |
Aug 22nd 2019, 09:55 |
neon1024 |
Disabling it seems like the way to go |
# |
Aug 22nd 2019, 09:55 |
challgren |
Yep |
# |
Aug 22nd 2019, 09:55 |
neon1024 |
..but then I feel like I’d need an internal web service endpoint to which I can submit the form config and get a token back |
# |
Aug 22nd 2019, 09:54 |
neon1024 |
This tiny snippet of docs makes me wonder if it is possible |
# |
Aug 22nd 2019, 09:54 |
neon1024 |
https://book.cakephp.org/3.0/en/controllers/middleware.html#csrf-protection-and-ajax-requests |
# |
Aug 22nd 2019, 09:54 |
challgren |
@neon1024 my option was to skip CSRF on those actions |
# |
Aug 22nd 2019, 09:53 |
neon1024 |
As PHP will not have access to any of the form fields |
# |
Aug 22nd 2019, 09:53 |
neon1024 |
When working in Javascript to build a form, how can I submit the correct CSRF Token? I am dynamically adding fields to the form using Javascript. So I assume the token needs to update every time a form field is added or removed? Or can I just skip the middleware for these few controller actions? |
# |
Aug 22nd 2019, 09:49 |
alexdd55976 |
@neon1024 the paying decision is not on my... I will recommend buying a nice one, instead of hacking through some half-assed free one |
# |
Aug 22nd 2019, 09:48 |
neon1024 |
@alexdd55976 If you’re not interested in paying, there are some free ones here https://w3layouts.com/ |
# |
Aug 22nd 2019, 09:48 |
alexdd55976 |
@challgren thx |
# |
Aug 22nd 2019, 09:46 |
neon1024 |
@alexdd55976 We use Inspinia here http://webapplayers.com/inspinia_admin-v2.9.2/ with our own bake theme and https://github.com/friendsofcake/bootstrap-ui |
# |
Aug 22nd 2019, 09:45 |
challgren |
@alexdd55976 I use https://github.com/BlackrockDigital/startbootstrap-sb-admin-2 but you gotta chop it up |
# |
Aug 22nd 2019, 09:44 |
alexdd55976 |
does anyone have any experience with some nice admin theme, based on bootstrap which works great with cake? |
# |
Aug 22nd 2019, 09:43 |
challgren |
There is one instance where select on multiple indexes will be slow with very large datasets |
# |
Aug 22nd 2019, 09:33 |
conehead |
Yes I have to admit I suck at databases as well. Just never thought this could have such an impact. Right now I am going through my whole database and check if I am missing some keys haha |
# |
Aug 22nd 2019, 09:30 |
neon1024 |
These days I tend to build my initial database in MySQL Workbench, so that it adds those things for me :slightly_smiling_face: |
# |
Aug 22nd 2019, 09:30 |
neon1024 |
My database skills are pretty lame. I always forget constraints and indexes |
# |
Aug 22nd 2019, 09:27 |
conehead |
Sometimes the missing key caused a timeout...and I was loading just a single entity? :S |
# |
Aug 22nd 2019, 09:25 |
neon1024 |
:thumbsup: |
# |
Aug 22nd 2019, 09:23 |
conehead |
But as usual you hinted me into the right direction @neon1024 Thanks |
# |
Aug 22nd 2019, 09:23 |
conehead |
How does this speed up things like 50 times? |
# |
Aug 22nd 2019, 09:23 |
conehead |
Actually there was an (unique) index missing |
# |
Aug 22nd 2019, 09:22 |
conehead |
Still strange that this one association sometimes slows everything down |
# |
Aug 22nd 2019, 09:21 |
conehead |
Ah...seems to be one association. |
# |
Aug 22nd 2019, 09:20 |
conehead |
Yes |
# |
Aug 22nd 2019, 09:20 |
neon1024 |
I presume it does if it’s a primary key |
# |
Aug 22nd 2019, 09:20 |
neon1024 |
Does the column have an index? |
# |
Aug 22nd 2019, 09:17 |
conehead |
This is really confusing me. If I just select the `Documents.id` it takes like 10 seconds to load. When I remove the select statement, the data is loading within like a second (which is as well still really slow) |
# |
Aug 22nd 2019, 09:16 |
conehead |
Hmm anyone got an idea why my query slows really down as soon as I add a `select` to it? |
# |
Aug 22nd 2019, 09:09 |
neon1024 |
At least for me, I don’t use the profiler. I just use XDebug for the pretty var_dump :P |
# |
Aug 22nd 2019, 09:08 |
neon1024 |
https://php.ug/slackinvite |
# |
Aug 22nd 2019, 09:08 |
neon1024 |
I would ask in the phpug slack |