Log message #4199601

# At Username Text
# Aug 22nd 2019, 13:23 spriz and I have yet to find a use case for the `Cross Controller Communication` myself :slightly_smiling_face:
# Aug 22nd 2019, 13:22 spriz and don't put things in hidden formfields that should really be hidden in first place
# Aug 22nd 2019, 13:22 spriz much rather avoid mass-assignment of entities and use modelless forms and be gone with it
# Aug 22nd 2019, 13:21 spriz I don't think that's really worth it though
# Aug 22nd 2019, 13:21 spriz core members told me just to disable it if not using the form tampering prevention
# Aug 22nd 2019, 13:21 neon1024 It does do form tampering
# Aug 22nd 2019, 13:20 spriz It's the conclusion I was given after having some troubles with it after putting our app behind CF
# Aug 22nd 2019, 13:20 spriz Then you don't care craps about SSL :)
# Aug 22nd 2019, 13:20 neon1024 Jusst me and my Macbook! :beers:
# Aug 22nd 2019, 13:19 neon1024 Who knows, I don’t have a server yet
# Aug 22nd 2019, 13:19 spriz if your only usage of `Security` is : `$this->Security->setConfig('blackHoleCallback', 'fooBar');` then just kill it right away
# Aug 22nd 2019, 13:19 spriz chances are you only use it to enforce https which is quite a lot easier in your LB/webserver
# Aug 22nd 2019, 13:18 neon1024 Well “default”
# Aug 22nd 2019, 13:18 spriz just before I add `crud` :)
# Aug 22nd 2019, 13:18 neon1024 https://github.com/cakephp/app/blob/master/src/Controller/AppController.php#L53
# Aug 22nd 2019, 13:18 spriz Yurp, and it's one of the first things I kill :)
# Aug 22nd 2019, 13:18 neon1024 It’s loaded by default in the skeleton
# Aug 22nd 2019, 13:17 spriz only caused my troubles
# Aug 22nd 2019, 13:17 spriz What are you using the `SecurityComponent` for ? O_o
# Aug 22nd 2019, 13:17 neon1024 If this application goes live to the world I may re-vitist the CSRF
# Aug 22nd 2019, 13:16 neon1024 I think I can trust our team in India
# Aug 22nd 2019, 13:15 neon1024 The CsrfProtectionMiddleware took me more than an hour and I still couldn’t get it working. So I removed it to carry on building my application
# Aug 22nd 2019, 13:15 neon1024 I’m still using the SecurityComponent
# Aug 22nd 2019, 13:11 spriz I remember some warnings that helped me when updating to 3.7.0 though
# Aug 22nd 2019, 13:08 spriz ;P
# Aug 22nd 2019, 13:08 spriz @neon1024 Had issues as well, ended up removing security and csrf - problem solved!
# Aug 22nd 2019, 12:59 admad good of you to accept it's still a dev mistake, unlike you know who :P
# Aug 22nd 2019, 12:55 challgren But in reality its a failure on our part since we arent using the correct skeleton after a version update
# Aug 22nd 2019, 12:54 challgren Yeah I looked through the app and Im pretty sure most of us here built our apps before Dec 8th so its a hodge podge of everything
# Aug 22nd 2019, 12:53 admad @challgren ah that might be it, regarding csrf middleware. Earlier the whitelisting feature was not available that it why it was moved to router in skeleton app
# Aug 22nd 2019, 12:53 challgren Bugger
# Aug 22nd 2019, 12:52 mehov @challgren thanks, but `Warning (4096): Object of class Cake\Database\Expression\FunctionExpression could not be converted to string`
# Aug 22nd 2019, 12:49 challgren Try. FYI I am no ORM expert
# Aug 22nd 2019, 12:46 mehov I'm afraid I need it once and for that query only, so I think I shouldn't be modifying the Entity. Right now I have: ``` $query->select([ $query->newExpr([ '@salesTotal := ', $query->func()->sum('Table.total') ]), ]); ``` But that results in `@salesTotal := AND SUM(Table.total`
# Aug 22nd 2019, 12:43 challgren @mehov https://book.cakephp.org/3.0/en/orm/entities.html#creating-virtual-fields
# Aug 22nd 2019, 12:42 mehov Guys, is there any way to use MySQL user-defined variables with Cake\ORM\Query? Here's an example: https://dba.stackexchange.com/a/224756 ``` SELECT @earnings := (`house_rent`+`conveyance`+`medical`+`dearness`+`others_allowances`) AS earnings , @deductions := (`income_tax`+`pro_tax`+`emp_state_insu`+`absence_fine`+`others_deductions`) AS deductions, @earnings - @deductions AS net_salary FROM salary ```
# Aug 22nd 2019, 12:40 scuadra is there something like 'last' => true for validation as in Cake 2 :face_with_rolling_eyes:
# Aug 22nd 2019, 12:36 rchavik dammit, it was misconfigure nginx conf
# Aug 22nd 2019, 12:34 scuadra thank you very much for the help
# Aug 22nd 2019, 12:34 challgren I think a lot of the confusion regarding the CSRF middleware is that old cakephp/app installs have the middleware registering in the Application::middleware() but newer have it in the routes.php
# Aug 22nd 2019, 12:34 scuadra it's ok now