# |
Jun 11th 2021, 10:48 |
paolo.bragagni |
yes it works |
# |
Jun 11th 2021, 10:47 |
slackebot |
<paolo.bragagni> |
# |
Jun 11th 2021, 10:46 |
kevin.pfeifer |
the CsrfMiddleware is a security feature which is enabled by default so it would be pretty bad if you disable it just for that ^^ |
# |
Jun 11th 2021, 10:46 |
kevin.pfeifer |
does it still work? |
# |
Jun 11th 2021, 10:46 |
kevin.pfeifer |
well if you enable it now |
# |
Jun 11th 2021, 10:46 |
paolo.bragagni |
trying to enable? |
# |
Jun 11th 2021, 10:46 |
paolo.bragagni |
yes |
# |
Jun 11th 2021, 10:45 |
kevin.pfeifer |
do you still have the CsrfMiddleware disabled? |
# |
Jun 11th 2021, 10:45 |
kevin.pfeifer |
but! |
# |
Jun 11th 2021, 10:45 |
kevin.pfeifer |
nice |
# |
Jun 11th 2021, 10:45 |
slackebot |
<paolo.bragagni> |
# |
Jun 11th 2021, 10:45 |
paolo.bragagni |
thenks kevin |
# |
Jun 11th 2021, 10:27 |
wizardfix |
Many thanks @kevin.pfeifer I'll try that. :) |
# |
Jun 11th 2021, 10:26 |
kevin.pfeifer |
so if you need to stay on 3.5.17 you can add that try-catch block in your `/app/vendor/cakephp/cakephp/src/Database/Driver/PDODriverTrait.php` |
# |
Jun 11th 2021, 10:23 |
kevin.pfeifer |
well according to https://stackoverflow.com/questions/32239205/php-pdo-hide-error-message-when-failed-connecting-to-mysql-server Its basically an exception from the PDO Class which needs to be catched via a try-catch block. |
# |
Jun 11th 2021, 10:20 |
wizardfix |
Haha yes I know @kevin.pfeifer the powers that be are nervous of upgrading... |
# |
Jun 11th 2021, 10:18 |
kevin.pfeifer |
@wizardfix thats quite the old cakephp version ,:) |
# |
Jun 11th 2021, 10:17 |
kevin.pfeifer |
@paolo.bragagni json should be returned like so ```$response = $this->getResponse(); $this->autoRender = false; return $response->withType( 'application/json' ) ->withStringBody( json_encode( $results ) );``` |
# |
Jun 11th 2021, 10:15 |
wizardfix |
@kevin.pfeifer '3.5.17' |
# |
Jun 11th 2021, 10:15 |
paolo.bragagni |
is not possible anymore? |
# |
Jun 11th 2021, 10:15 |
paolo.bragagni |
in my old controller I return json with echo json_encode($results); |
# |
Jun 11th 2021, 10:15 |
paolo.bragagni |
btu noew I have another question.. |
# |
Jun 11th 2021, 10:14 |
paolo.bragagni |
there was an error in my old autocontroller |
# |
Jun 11th 2021, 10:14 |
paolo.bragagni |
steps ahead |
# |
Jun 11th 2021, 09:59 |
kevin.pfeifer |
what is the error / message you get back from your failed ajax request @paolo.bragagni |
# |
Jun 11th 2021, 09:55 |
paolo.bragagni |
no. something missing |
# |
Jun 11th 2021, 09:46 |
kevin.pfeifer |
@wizardfix what cakephp version are you using? |
# |
Jun 11th 2021, 09:29 |
paolo.bragagni |
check again :) |
# |
Jun 11th 2021, 09:29 |
paolo.bragagni |
probably is in my js |
# |
Jun 11th 2021, 09:26 |
paolo.bragagni |
no. doesnt work |
# |
Jun 11th 2021, 09:24 |
wizardfix |
Hi all... just wondering, is there an easy way to stop CakePHP partially logging passwords in stack traces? Like this: `````` |
# |
Jun 11th 2021, 09:23 |
paolo.bragagni |
azz |
# |
Jun 11th 2021, 09:22 |
kevin.pfeifer |
by "it" i mean the whole ``` //->add(new CsrfProtectionMiddleware([ // 'httponly' => true, //]));``` |
# |
Jun 11th 2021, 09:20 |
kevin.pfeifer |
```'httponly' => false,``` doesn't deactive the middleware you have to comment it out to check if its the CSRF Protection which prevents you ajax |
# |
Jun 11th 2021, 09:19 |
paolo.bragagni |
(but) |
# |
Jun 11th 2021, 09:19 |
paolo.bragagni |
put to false bau same behaviour |
# |
Jun 11th 2021, 09:11 |
kevin.pfeifer |
https://github.com/cakephp/app/blob/master/src/Application.php#L103 |
# |
Jun 11th 2021, 09:11 |
kevin.pfeifer |
but you do have the CsrfMiddleware active |
# |
Jun 11th 2021, 09:10 |
paolo.bragagni |
no |
# |
Jun 11th 2021, 09:10 |
kevin.pfeifer |
in your ajax call |
# |
Jun 11th 2021, 09:10 |
kevin.pfeifer |
do you set the CSRF-Toke header? |