Log message #4199540

# At Username Text
# Aug 22nd 2019, 11:53 neon1024 I looked in Application.php for Middleware, and CSRF is in routes.php!
# Aug 22nd 2019, 11:53 neon1024 If you were a beginner you’d have no idea what was going on
# Aug 22nd 2019, 11:52 neon1024 You just get an exception
# Aug 22nd 2019, 11:52 neon1024 The point being that CSRF and Security feel a bit muddled, and they’re a hard stop for development
# Aug 22nd 2019, 11:52 slackebot2 <alexdd55976>
# Aug 22nd 2019, 11:52 neon1024 For a beginner, well…
# Aug 22nd 2019, 11:52 neon1024 I’m hardly the worlds greatest idiot and I couldn’t work it out
# Aug 22nd 2019, 11:51 neon1024 ..and it shows there is an opportunity to improve the documentation
# Aug 22nd 2019, 11:51 neon1024 Yep, that’s me
# Aug 22nd 2019, 11:51 admad but if someone is dumb enough to add the middleware in application and for specific route too then there would be
# Aug 22nd 2019, 11:50 alexdd55976 middlewhere... everyware
# Aug 22nd 2019, 11:50 alexdd55976 middlewares.... everywhere...
# Aug 22nd 2019, 11:50 admad there aren't
# Aug 22nd 2019, 11:50 neon1024 :exploding_head:
# Aug 22nd 2019, 11:50 neon1024 ..and a component!
# Aug 22nd 2019, 11:50 neon1024 There are *two* csrf middlwares?! :S
# Aug 22nd 2019, 11:49 admad well if you have the csrfmiddleware in your application too obviously that wont wokr
# Aug 22nd 2019, 11:49 neon1024 That should be a heading imho
# Aug 22nd 2019, 11:49 neon1024 Yeah, there is a tiny grey comment line
# Aug 22nd 2019, 11:48 neon1024 Maybe it should be in `Application.php`, I’m not sure
# Aug 22nd 2019, 11:48 neon1024 @admad The only thing I can see, I added it to `routes.php` as the above example is talking about scoped middleware in routes
# Aug 22nd 2019, 11:47 neon1024 @admad https://book.cakephp.org/3.0/en/controllers/middleware.html#cross-site-request-forgery-csrf-middleware :point_right: and scroll down to the code example for `whitelistCallback`
# Aug 22nd 2019, 11:47 alexdd55976 did you check for a simple type?
# Aug 22nd 2019, 11:47 neon1024 @alexdd55976 Perhaps I need to make associated id fields accessible :thinking_face:
# Aug 22nd 2019, 11:47 admad link me
# Aug 22nd 2019, 11:46 neon1024 @admad The example given in the book :slightly_smiling_face: I copied it and it didn’t work
# Aug 22nd 2019, 11:46 admad @neon1024 "Lol, even the whitelist callback doesn’t work" what does not work?
# Aug 22nd 2019, 11:46 neon1024 I am submitting id fields with my existing records, and the resulting entities are marked new and the id field is missing
# Aug 22nd 2019, 11:46 alexdd55976 yes
# Aug 22nd 2019, 11:46 neon1024 The result ends up with `public '[new]' => boolean true` in the entity
# Aug 22nd 2019, 11:46 alexdd55976 oh, yes
# Aug 22nd 2019, 11:45 neon1024 Well you know that when patchEntity runs, it determines if an entity is new or not by if the id field is present
# Aug 22nd 2019, 11:45 alexdd55976 @neon1024 i am not getting the whole thing (maybe i read it worng)
# Aug 22nd 2019, 11:43 neon1024 Anyone have any idea why, when I submit request data array it includes id field, but when the entities are created, they’re marked as new
# Aug 22nd 2019, 11:37 admad @rchavik if $this->request->getQuery() is empty that problem has nothing to do with crud or search plugin
# Aug 22nd 2019, 11:36 neon1024 @rhc
# Aug 22nd 2019, 11:33 rchavik hi, trying to get crud + seach working, but somehow even though requset contains `[REQUEST_URI] => /api/nodes?q=hello`, $this->request->getQuery() in controller is empty. any idea what i'm missing?
# Aug 22nd 2019, 11:33 alexdd55976 useful, would only use for excessive usage... othewise it might be a bit over the top
# Aug 22nd 2019, 11:32 conehead Looks promising as well. Thank you
# Aug 22nd 2019, 11:27 challgren I did use https://github.com/ypnos-web/cakephp-datatables a while ago
# Aug 22nd 2019, 11:26 conehead @admad @alexdd55976 good gosh. Thanks I guess this solves my problem totally. Not sure why I thought I HAD to use paginator