# |
Jun 23rd 2021, 21:13 |
kevin.pfeifer |
you can also check `$this->request->getBody();` |
# |
Jun 23rd 2021, 21:12 |
tyler.adam.lazenby |
just wanna do it the cake way as much as possible though |
# |
Jun 23rd 2021, 21:12 |
tyler.adam.lazenby |
I just know that the command above is what works on my old source code |
# |
Jun 23rd 2021, 21:11 |
tyler.adam.lazenby |
I wasn't sure if it would |
# |
Jun 23rd 2021, 21:11 |
kevin.pfeifer |
so does `$this->request->getData();` not return what you expect? |
# |
Jun 23rd 2021, 21:07 |
tyler.adam.lazenby |
basically I need the equivalent of `file_get_contents('php://input')` |
# |
Jun 23rd 2021, 21:06 |
tyler.adam.lazenby |
before I get any further, I would like to ask what you would say to do when I am going to need the request body to be able to hash and see if the signature matches? |
# |
Jun 23rd 2021, 20:17 |
tyler.adam.lazenby |
I know all about that |
# |
Jun 23rd 2021, 20:17 |
steinkel |
but for regular forms you have this one and his cousin ```$this->enableCsrfToken();``` |
# |
Jun 23rd 2021, 20:17 |
tyler.adam.lazenby |
I was avoiding using the enablecsrf() |
# |
Jun 23rd 2021, 20:16 |
tyler.adam.lazenby |
yeah |
# |
Jun 23rd 2021, 20:16 |
steinkel |
hehe, well you actually don't want that at all in a webhook |
# |
Jun 23rd 2021, 20:16 |
kevin.pfeifer |
well that would have been a good info at the start of this whole journey :) |
# |
Jun 23rd 2021, 20:16 |
steinkel |
integration unit tests |
# |
Jun 23rd 2021, 20:15 |
steinkel |
```$this->enableSecurityToken();``` you have that for unit tests |
# |
Jun 23rd 2021, 20:14 |
tyler.adam.lazenby |
and that finally got me to be able to post on unit tests! |
# |
Jun 23rd 2021, 20:14 |
tyler.adam.lazenby |
Thank you |
# |
Jun 23rd 2021, 20:14 |
steinkel |
in any case, validate your inputs to ensure they match your expected types and limits |
# |
Jun 23rd 2021, 20:13 |
steinkel |
yeah, some checksum calculated with a salted hash based on selected params, or similar approach would work just fine |
# |
Jun 23rd 2021, 20:13 |
tyler.adam.lazenby |
oh I will. I am going to be following WooCommerce's secret validation protocol |
# |
Jun 23rd 2021, 20:12 |
steinkel |
and, for your webhooks ensure you validate your input first thing |
# |
Jun 23rd 2021, 20:12 |
steinkel |
disable it too |
# |
Jun 23rd 2021, 20:12 |
tyler.adam.lazenby |
gawwww |
# |
Jun 23rd 2021, 20:12 |
tyler.adam.lazenby |
ok now I have done that... but now the security component is throwing an error |
# |
Jun 23rd 2021, 20:11 |
steinkel |
https://book.cakephp.org/4/en/controllers/components/form-protection.html#disabling-form-tampering-for-specific-actions |
# |
Jun 23rd 2021, 20:11 |
tyler.adam.lazenby |
That is exactly what I am trying to disable... I don't know how |
# |
Jun 23rd 2021, 20:10 |
steinkel |
you are not posting a form |
# |
Jun 23rd 2021, 20:10 |
steinkel |
don't enable FormProtection in your webhooks, they are going to be called by an external entity that's not going to get the required tokens configured |
# |
Jun 23rd 2021, 20:09 |
tyler.adam.lazenby |
Which I don't understand because the action is literally just going to be an endpoint for a webhook |
# |
Jun 23rd 2021, 20:04 |
tyler.adam.lazenby |
@kevin.pfeifer Form protection. sorry I didn't flag |
# |
Jun 23rd 2021, 20:02 |
tyler.adam.lazenby |
FormProtection |
# |
Jun 23rd 2021, 20:02 |
kevin.pfeifer |
@tyler.adam.lazenby this exception only gets thrown by either the SecurityComponent or the FormProtector. Can you tell from the callstack which it is? |
# |
Jun 23rd 2021, 20:00 |
kevin.pfeifer |
@sebastiansperandio093 a postlink is just an extra form that only gets submitted after you confirm the alert box. So you need to find the corresponding form by the ID and adjust the action it would post to |
# |
Jun 23rd 2021, 19:56 |
sebastiansperandio093 |
I need to update $article->id var with jquery (depending on an ajax response) |
# |
Jun 23rd 2021, 19:55 |
sebastiansperandio093 |
```<?= $this->Form->postLink( 'Delete', ['action' => 'delete', $article->id], ['confirm' => 'Are you sure?']) ?>``` |
# |
Jun 23rd 2021, 19:55 |
sebastiansperandio093 |
I meant |
# |
Jun 23rd 2021, 19:54 |
sebastiansperandio093 |
hello there! can someone help me to find a way to update the parameter in a postLink with jQuery or JavaScript? |
# |
Jun 23rd 2021, 19:52 |
tyler.adam.lazenby |
```$csrf = new CsrfProtectionMiddleware([ 'httponly' => true, ] ); $csrf->skipCheckCallback(function ($request) { if ($request->getParam('action') === 'sendOrderEmail') { return true; } });``` |
# |
Jun 23rd 2021, 19:52 |
tyler.adam.lazenby |
Possibly related to Cake\Http\Exception\BadRequestException: "`_Token` was not found in request data." |
# |
Jun 23rd 2021, 19:52 |
tyler.adam.lazenby |
So I tried the solution that was given yesterday on how to exclude an action from csrf protection checks... but when I test it... this is the error I get |
# |
Jun 23rd 2021, 15:01 |
joacir.santos |
So, I misunderstood the setter concept on entity. Appreciate your help! |