Log message #4266274

# At Username Text
# Jun 23rd 2021, 21:11 kevin.pfeifer so does `$this->request->getData();` not return what you expect?
# Jun 23rd 2021, 21:07 tyler.adam.lazenby basically I need the equivalent of `file_get_contents('php://input')`
# Jun 23rd 2021, 21:06 tyler.adam.lazenby before I get any further, I would like to ask what you would say to do when I am going to need the request body to be able to hash and see if the signature matches?
# Jun 23rd 2021, 20:17 tyler.adam.lazenby I know all about that
# Jun 23rd 2021, 20:17 steinkel but for regular forms you have this one and his cousing ```$this->enableCsrfToken();```
# Jun 23rd 2021, 20:17 tyler.adam.lazenby I was avoiding using the enablecsrf()
# Jun 23rd 2021, 20:16 tyler.adam.lazenby yeah]
# Jun 23rd 2021, 20:16 steinkel hehe, well you actually don't want that at all in a webhook
# Jun 23rd 2021, 20:16 kevin.pfeifer well that would have been a good info at the start of this whole journey :)
# Jun 23rd 2021, 20:16 steinkel integration unit tests
# Jun 23rd 2021, 20:15 steinkel ```$this->enableSecurityToken();``` you have that for unit tests
# Jun 23rd 2021, 20:14 tyler.adam.lazenby and that finally got me to be able to post on unit tests!
# Jun 23rd 2021, 20:14 tyler.adam.lazenby Thank you
# Jun 23rd 2021, 20:14 steinkel in any case, validate your inputs to ensure they match your expected types and limits
# Jun 23rd 2021, 20:13 steinkel yeah, some checksum calculated with a salted hash based on selected params, or similar approach would work just fine
# Jun 23rd 2021, 20:13 tyler.adam.lazenby oh I will. I am going to be following woocommerce's secret validation protecol
# Jun 23rd 2021, 20:12 steinkel and, for your webhooks ensure you validate your input first thing
# Jun 23rd 2021, 20:12 steinkel disable it too
# Jun 23rd 2021, 20:12 tyler.adam.lazenby gawwww
# Jun 23rd 2021, 20:12 tyler.adam.lazenby ok now i have done that... but now the security component is throwing an error
# Jun 23rd 2021, 20:11 steinkel https://book.cakephp.org/4/en/controllers/components/form-protection.html#disabling-form-tampering-for-specific-actions
# Jun 23rd 2021, 20:11 tyler.adam.lazenby That is exactly what I am trying to disable... I don't know how
# Jun 23rd 2021, 20:10 steinkel you are not posting a form
# Jun 23rd 2021, 20:10 steinkel don't enable FormProtection in your webhooks, they are going to be called by an external entity that's not going to get the required tokens configured
# Jun 23rd 2021, 20:09 tyler.adam.lazenby Which I don't understand because the action is literally just going to be an endpoint for a webhook
# Jun 23rd 2021, 20:04 tyler.adam.lazenby @kevin.pfeifer Form protection. sorry I didn't flag
# Jun 23rd 2021, 20:02 tyler.adam.lazenby FormProtection
# Jun 23rd 2021, 20:02 kevin.pfeifer @tyler.adam.lazenby this exception only gets thrown by either the SecurityComponent or the FormProtector. Can you tell from the callstack which it is?
# Jun 23rd 2021, 20:00 kevin.pfeifer @sebastiansperandio093 a postlink is just an extra form that only gets submitted after you confirm the alert box So you need to find the corresponding form by the ID and adjust the action it would post to
# Jun 23rd 2021, 19:56 sebastiansperandio093 I need to update $article->id var with jquery (depending of an ajax response)
# Jun 23rd 2021, 19:55 sebastiansperandio093 ```<?= $this->Form->postLink( 'Delete', ['action' => 'delete', $article->id], ['confirm' => 'Are you sure?']) ?>```
# Jun 23rd 2021, 19:55 sebastiansperandio093 I meant
# Jun 23rd 2021, 19:54 sebastiansperandio093 hello there! can someone help me to find a way to update the parameter in a postLink with Jquery o Javascript?
# Jun 23rd 2021, 19:52 tyler.adam.lazenby ```$csrf = new CsrfProtectionMiddleware([ 'httponly' => true, ] ); $csrf->skipCheckCallback(function ($request) { if ($request->getParam('action') === 'sendOrderEmail') { return true; } });```
# Jun 23rd 2021, 19:52 tyler.adam.lazenby Possibly related to Cake\Http\Exception\BadRequestException: "`_Token` was not found in request data."
# Jun 23rd 2021, 19:52 tyler.adam.lazenby So I tried the solution that was given yesterday on how to exclude an action from csrf protection checks... but when I test it... this is the error I get
# Jun 23rd 2021, 15:01 joacir.santos So, I missunderstood the setter concept on entity. Appreciate your help!
# Jun 23rd 2021, 14:52 joepferguson Submitted 2 talks. Thanks for the reminder!
# Jun 23rd 2021, 14:46 joepferguson Chris: there's some ideas on the submit page https://cakefest.org/submit • CakePHP features • Optimization and performance • Development and deployment techniques • Integration with other packages or platforms • Plugins and extending the framework • CakePHP 4 • Successful projects in CakePHP
# Jun 23rd 2021, 14:44 dereuromark Thats what behaviors are for, after all ;) Check out alone my tools ones, a huge list of specific things to modify specific fields with. I always try to keep these things out of entities, as this can only blow up.
# Jun 23rd 2021, 14:42 chris301 what sort of things might you be looking for?