CakePHP: the rapid development php framework: CakeBot

Log message #4199426

#	At	Username	Text
#	Aug 22nd 2019, 10:24	neon1024	@ndm Nor me :man-shrugging: It might just be my brain, or my bad code. I’ve historically always had issues with this part of the framework
#	Aug 22nd 2019, 10:24	neon1024	Perhaps that combined with the joins is slowing things down? Perhaps it’s worth experimenting with an offset paginator
#	Aug 22nd 2019, 10:24	ndm	@neon1024 I don't really see how that could possibly happen, unless maybe the request object is modified somewhere.
#	Aug 22nd 2019, 10:23	neon1024	@conehead Do you have lots of rows? Cake uses limit pagination by default, so it’ll load the entire result set and sub-set for the page
#	Aug 22nd 2019, 10:22	conehead	Hm neon my problem is actually not really solved with the missing index. When just executing the query the result comes really fast. When passing this query to a paginator, I get timeouts again. The (hasOne) relations that slow everything down have a condition
#	Aug 22nd 2019, 10:20	neon1024	Needs work imho
#	Aug 22nd 2019, 10:19	neon1024	RIP CSRF Middleware
#	Aug 22nd 2019, 10:19	neon1024	Lol, even the whitelist callback doesn’t work
#	Aug 22nd 2019, 10:17	neon1024	Yep
#	Aug 22nd 2019, 10:16	ndm	You mean the paramter in the request object is empty?
#	Aug 22nd 2019, 10:13	neon1024	I’ll use the whitelist callback
#	Aug 22nd 2019, 10:13	neon1024	So when I hit this page, my `_csrfToken` is empty
#	Aug 22nd 2019, 10:13	ndm	I'm not overly familiar with Vue.js, but I don't see how adding a script tag on top wouldn't work
#	Aug 22nd 2019, 10:11	neon1024	This is my template
#	Aug 22nd 2019, 10:11	slackebot2	<neon1024>
#	Aug 22nd 2019, 10:10	neon1024	I’m using Vue.js to build a component which manages the whole template
#	Aug 22nd 2019, 10:10	ndm	what does "rendering javascript" mean
#	Aug 22nd 2019, 10:10	neon1024	I think I’ll just turn off CSRF for this prefix
#	Aug 22nd 2019, 10:09	neon1024	Seems to work on other pages
#	Aug 22nd 2019, 10:09	neon1024	Adding the token to the layout doesn’t work when I’m redering my javascript
#	Aug 22nd 2019, 10:09	challgren	Ahh ok
#	Aug 22nd 2019, 10:09	ndm	@challgren Oh wait, I think I misunderstood you... the cookie would be there. Still I think passing the value to JS is cleaner, no need to parse the cookie string, and to make the cookie insecure
#	Aug 22nd 2019, 10:09	hippo	``` $this->enableCsrfToken(); $this->enableSecurityToken(); ```
#	Aug 22nd 2019, 10:08	challgren	Is there anyway to explicitly turn it on?
#	Aug 22nd 2019, 10:08	hippo	Yes
#	Aug 22nd 2019, 10:08	challgren	Ok so heres a question when doing Integration Testing isn’t the CSRF token check disabled?
#	Aug 22nd 2019, 10:03	ndm	You could if it's not HTTP only, but on the first request there will be no cookie
#	Aug 22nd 2019, 10:02	challgren	in JS cant you get the cookie?
#	Aug 22nd 2019, 10:02	ndm	totally fine :slightly_smiling_face:
#	Aug 22nd 2019, 10:02	neon1024	Feels a bit hacky
#	Aug 22nd 2019, 10:01	ndm	in your layout
#	Aug 22nd 2019, 10:01	ndm	@neon1024 Assign it to a global variable
#	Aug 22nd 2019, 10:01	ndm	@challgren The security token, for the security component
#	Aug 22nd 2019, 10:01	neon1024	Not in Javascript I can’t
#	Aug 22nd 2019, 10:01	ndm	You can get the token in your view from the request object `$this->getRequest->getParam('_csrfToken')`
#	Aug 22nd 2019, 10:01	challgren	What am I thinking of that needs updated when the form changes?
#	Aug 22nd 2019, 10:01	neon1024	Hm okay, thanks for the help @ndm I’ll look into this
#	Aug 22nd 2019, 10:00	ndm	It needs to send alongside your ajax request, and the the token needs to be in the data too, either as header (`X-CSRF-Token`) or as a field (`_csrfToken`)
#	Aug 22nd 2019, 10:00	neon1024	So httpOnly blocks js
#	Aug 22nd 2019, 09:59	neon1024	So I need this cookie?
#	Aug 22nd 2019, 09:59	ndm	@neon1024 @challgren No, it doesn't, the form helper just conveniently injects the token, but it doesn't generate it, that happens in the middleware, and it's not realted to any content