| # |
Aug 22nd 2019, 10:02 |
 neon1024 |
Feels a bit hacky |
| # |
Aug 22nd 2019, 10:01 |
ndm |
in your layout |
| # |
Aug 22nd 2019, 10:01 |
ndm |
@neon1024 Assign it to a global variable |
| # |
Aug 22nd 2019, 10:01 |
ndm |
@challgren The security token, for the security component |
| # |
Aug 22nd 2019, 10:01 |
neon1024 |
Not in Javascript I can’t |
| # |
Aug 22nd 2019, 10:01 |
ndm |
You can get the token in your view from the request object `$this->getRequest->getParam('_csrfToken')` |
| # |
Aug 22nd 2019, 10:01 |
challgren |
What am I thinking of that needs updated when the form changes? |
| # |
Aug 22nd 2019, 10:01 |
neon1024 |
Hm okay, thanks for the help @ndm I’ll look into this |
| # |
Aug 22nd 2019, 10:00 |
ndm |
It needs to send alongside your ajax request, and the the token needs to be in the data too, either as header (`X-CSRF-Token`) or as a field (`_csrfToken`) |
| # |
Aug 22nd 2019, 10:00 |
neon1024 |
So httpOnly blocks js |
| # |
Aug 22nd 2019, 09:59 |
neon1024 |
So I need this cookie? |
| # |
Aug 22nd 2019, 09:59 |
ndm |
@neon1024 @challgren No, it doesn't, the form helper just conveniently injects the token, but it doesn't generate it, that happens in the middleware, and it's not realted to any content |
| # |
Aug 22nd 2019, 09:58 |
challgren |
Has pretty much everything but the kitchen sink |
| # |
Aug 22nd 2019, 09:58 |
challgren |
Yeah I might switch to it! |
| # |
Aug 22nd 2019, 09:58 |
alexdd55976 |
inspinia looks really nice. thanks |
| # |
Aug 22nd 2019, 09:57 |
yamcomnet |
Confusing.. I will still get Orders that are authenticated = 0 as results?? Not really sure how this orWhere really should work? |
| # |
Aug 22nd 2019, 09:56 |
challgren |
So wouldnt the CSRF token change if you add or remove a field? |
| # |
Aug 22nd 2019, 09:56 |
neon1024 |
:S |
| # |
Aug 22nd 2019, 09:56 |
challgren |
`The CsrfProtectionMiddleware integrates seamlessly with FormHelper. Each time you create a form with FormHelper, it will insert a hidden field containing the CSRF token.` |
| # |
Aug 22nd 2019, 09:56 |
ndm |
from the security component |
| # |
Aug 22nd 2019, 09:56 |
ndm |
That's the security token |
| # |
Aug 22nd 2019, 09:56 |
challgren |
Yeah |
| # |
Aug 22nd 2019, 09:55 |
neon1024 |
@ndm Oh really? I thought it was a hash of the form fields? |
| # |
Aug 22nd 2019, 09:55 |
neon1024 |
Although if this was true, I could easily get the cookie in JS |
| # |
Aug 22nd 2019, 09:55 |
ndm |
CSRF protection doesn't care about your form content. |
| # |
Aug 22nd 2019, 09:55 |
neon1024 |
> The CSRF Token can be obtained via the Cookie csrfToken. |
| # |
Aug 22nd 2019, 09:55 |
neon1024 |
Disabling it seems like the way to go |
| # |
Aug 22nd 2019, 09:55 |
challgren |
Yep |
| # |
Aug 22nd 2019, 09:55 |
neon1024 |
..but then I feel like I’d need an internal web service endpoint to which I can submit the form config and get a token back |
| # |
Aug 22nd 2019, 09:54 |
neon1024 |
This tiny snippet of docs makes me wonder if it is possible |
| # |
Aug 22nd 2019, 09:54 |
neon1024 |
https://book.cakephp.org/3.0/en/controllers/middleware.html#csrf-protection-and-ajax-requests |
| # |
Aug 22nd 2019, 09:54 |
challgren |
@neon1024 my option was to skip CSRF on those actions |
| # |
Aug 22nd 2019, 09:53 |
neon1024 |
As PHP will not have access to any of the form fields |
| # |
Aug 22nd 2019, 09:53 |
neon1024 |
When working in Javascript to build a form, how can I submit the correct CSRF Token? I am dynamically adding fields to the form using Javascript. So I assume the token needs to update every time a form field is added or removed? Or can I just skip the middleware for these few controller actions? |
| # |
Aug 22nd 2019, 09:49 |
alexdd55976 |
@neon1024 the paying decision is not on my... i will recommend buying a nice one, instead of hacking through some half assed free one |
| # |
Aug 22nd 2019, 09:48 |
neon1024 |
@alexdd55976 If you’re not interested in paying, there are some free ones here https://w3layouts.com/ |
| # |
Aug 22nd 2019, 09:48 |
alexdd55976 |
@challgren thx |
| # |
Aug 22nd 2019, 09:46 |
neon1024 |
@alexdd55976 We use Inspinia here http://webapplayers.com/inspinia_admin-v2.9.2/ with our own bake theme and https://github.com/friendsofcake/bootstrap-ui |
| # |
Aug 22nd 2019, 09:45 |
challgren |
@alexdd55976 I use https://github.com/BlackrockDigital/startbootstrap-sb-admin-2 but you gotta chop it up |
| # |
Aug 22nd 2019, 09:44 |
alexdd55976 |
does anyone have any expereince with some nice admin theme, based on bootstrap which works great with cake? |
| # |
Aug 22nd 2019, 09:43 |
challgren |
There is one instance where select on multiple indexes will be slow with very large datasets |