# |
Aug 22nd 2019, 10:29 |
conehead |
@neon1024 Yes, pretty much lots of rows. But I only need to get one `Document` with it's `Status`. Currently there are roughly 6k documents and 8k statuses. This here results in a timeout: ``` $this->paginate = [ 'limit' => 1, 'contain' => [ 'Status', ], ]; $pag = $this->paginate($this->Documents->find()); ``` |
# |
Aug 22nd 2019, 10:24 |
neon1024 |
@ndm Nor me :man-shrugging: It might just be my brain, or my bad code. I’ve historically always had issues with this part of the framework |
# |
Aug 22nd 2019, 10:24 |
neon1024 |
Perhaps that combined with the joins is slowing things down? Perhaps it’s worth experimenting with an offset paginator |
# |
Aug 22nd 2019, 10:24 |
ndm |
@neon1024 I don't really see how that could possibly happen, unless maybe the request object is modified somewhere. |
# |
Aug 22nd 2019, 10:23 |
neon1024 |
@conehead Do you have lots of rows? Cake uses limit pagination by default, so it’ll load the entire result set and sub-set for the page |
# |
Aug 22nd 2019, 10:22 |
conehead |
Hm neon my problem is actually not really solved with the missing index. When just executing the query the result comes really fast. When passing this query to a paginator, I get timeouts again. The (hasOne) relations that slow everything down have a condition |
# |
Aug 22nd 2019, 10:20 |
neon1024 |
Needs work imho |
# |
Aug 22nd 2019, 10:19 |
neon1024 |
RIP CSRF Middleware |
# |
Aug 22nd 2019, 10:19 |
neon1024 |
Lol, even the whitelist callback doesn’t work |
# |
Aug 22nd 2019, 10:17 |
neon1024 |
Yep |
# |
Aug 22nd 2019, 10:16 |
ndm |
You mean the paramter in the request object is empty? |
# |
Aug 22nd 2019, 10:13 |
neon1024 |
I’ll use the whitelist callback |
# |
Aug 22nd 2019, 10:13 |
neon1024 |
So when I hit this page, my `_csrfToken` is empty |
# |
Aug 22nd 2019, 10:13 |
ndm |
I'm not overly familiar with Vue.js, but I don't see how adding a script tag on top wouldn't work |
# |
Aug 22nd 2019, 10:11 |
neon1024 |
This is my template |
# |
Aug 22nd 2019, 10:11 |
slackebot2 |
<neon1024> |
# |
Aug 22nd 2019, 10:10 |
neon1024 |
I’m using Vue.js to build a component which manages the whole template |
# |
Aug 22nd 2019, 10:10 |
ndm |
what does "rendering javascript" mean |
# |
Aug 22nd 2019, 10:10 |
neon1024 |
I think I’ll just turn off CSRF for this prefix |
# |
Aug 22nd 2019, 10:09 |
neon1024 |
Seems to work on other pages |
# |
Aug 22nd 2019, 10:09 |
neon1024 |
Adding the token to the layout doesn’t work when I’m redering my javascript |
# |
Aug 22nd 2019, 10:09 |
challgren |
Ahh ok |
# |
Aug 22nd 2019, 10:09 |
ndm |
@challgren Oh wait, I think I misunderstood you... the cookie would be there. Still I think passing the value to JS is cleaner, no need to parse the cookie string, and to make the cookie insecure |
# |
Aug 22nd 2019, 10:09 |
hippo |
``` $this->enableCsrfToken(); $this->enableSecurityToken(); ``` |
# |
Aug 22nd 2019, 10:08 |
challgren |
Is there anyway to explicitly turn it on? |
# |
Aug 22nd 2019, 10:08 |
hippo |
Yes |
# |
Aug 22nd 2019, 10:08 |
challgren |
Ok so heres a question when doing Integration Testing isn’t the CSRF token check disabled? |
# |
Aug 22nd 2019, 10:03 |
ndm |
You could if it's not HTTP only, but on the first request there will be no cookie |
# |
Aug 22nd 2019, 10:02 |
challgren |
in JS cant you get the cookie? |
# |
Aug 22nd 2019, 10:02 |
ndm |
totally fine :slightly_smiling_face: |
# |
Aug 22nd 2019, 10:02 |
neon1024 |
Feels a bit hacky |
# |
Aug 22nd 2019, 10:01 |
ndm |
in your layout |
# |
Aug 22nd 2019, 10:01 |
ndm |
@neon1024 Assign it to a global variable |
# |
Aug 22nd 2019, 10:01 |
ndm |
@challgren The security token, for the security component |
# |
Aug 22nd 2019, 10:01 |
neon1024 |
Not in Javascript I can’t |
# |
Aug 22nd 2019, 10:01 |
ndm |
You can get the token in your view from the request object `$this->getRequest->getParam('_csrfToken')` |
# |
Aug 22nd 2019, 10:01 |
challgren |
What am I thinking of that needs updated when the form changes? |
# |
Aug 22nd 2019, 10:01 |
neon1024 |
Hm okay, thanks for the help @ndm I’ll look into this |
# |
Aug 22nd 2019, 10:00 |
ndm |
It needs to send alongside your ajax request, and the the token needs to be in the data too, either as header (`X-CSRF-Token`) or as a field (`_csrfToken`) |
# |
Aug 22nd 2019, 10:00 |
neon1024 |
So httpOnly blocks js |
# |
Aug 22nd 2019, 09:59 |
neon1024 |
So I need this cookie? |