Log message #4266284

# At Username Text
# Jun 23rd 2021, 21:24 kevin.pfeifer with `$this->request->getBody()` you get a PhpInputStream. If you want the unparsed body, you need to call ```$this->request->getBody()->getContents()```
# Jun 23rd 2021, 21:19 tyler.adam.lazenby thank you so much
# Jun 23rd 2021, 21:19 kevin.pfeifer let me check with one of my json post data
# Jun 23rd 2021, 21:16 tyler.adam.lazenby and the stream interface... has issues
# Jun 23rd 2021, 21:16 tyler.adam.lazenby I need the string version of the body
# Jun 23rd 2021, 21:14 kevin.pfeifer or `$this->request->getParsedBody();` if you want the parsed body :) See also https://github.com/cakephp/cakephp/blob/master/src/Http/ServerRequest.php#L1271
# Jun 23rd 2021, 21:13 kevin.pfeifer you can also check `$this->request->getBody();`
# Jun 23rd 2021, 21:12 tyler.adam.lazenby just wanna do it the cake way as much as possible though
# Jun 23rd 2021, 21:12 tyler.adam.lazenby I just know that the command above is what works on my old source code
# Jun 23rd 2021, 21:11 tyler.adam.lazenby I wasn't sure if it would
# Jun 23rd 2021, 21:11 kevin.pfeifer so does `$this->request->getData();` not return what you expect?
# Jun 23rd 2021, 21:07 tyler.adam.lazenby basically I need the equivalent of `file_get_contents('php://input')`
# Jun 23rd 2021, 21:06 tyler.adam.lazenby before I get any further, I would like to ask what you would say to do when I am going to need the request body to be able to hash and see if the signature matches?
# Jun 23rd 2021, 20:17 tyler.adam.lazenby I know all about that
# Jun 23rd 2021, 20:17 steinkel but for regular forms you have this one and his cousing ```$this->enableCsrfToken();```
# Jun 23rd 2021, 20:17 tyler.adam.lazenby I was avoiding using the enablecsrf()
# Jun 23rd 2021, 20:16 tyler.adam.lazenby yeah]
# Jun 23rd 2021, 20:16 steinkel hehe, well you actually don't want that at all in a webhook
# Jun 23rd 2021, 20:16 kevin.pfeifer well that would have been a good info at the start of this whole journey :)
# Jun 23rd 2021, 20:16 steinkel integration unit tests
# Jun 23rd 2021, 20:15 steinkel ```$this->enableSecurityToken();``` you have that for unit tests
# Jun 23rd 2021, 20:14 tyler.adam.lazenby and that finally got me to be able to post on unit tests!
# Jun 23rd 2021, 20:14 tyler.adam.lazenby Thank you
# Jun 23rd 2021, 20:14 steinkel in any case, validate your inputs to ensure they match your expected types and limits
# Jun 23rd 2021, 20:13 steinkel yeah, some checksum calculated with a salted hash based on selected params, or similar approach would work just fine
# Jun 23rd 2021, 20:13 tyler.adam.lazenby oh I will. I am going to be following woocommerce's secret validation protecol
# Jun 23rd 2021, 20:12 steinkel and, for your webhooks ensure you validate your input first thing
# Jun 23rd 2021, 20:12 steinkel disable it too
# Jun 23rd 2021, 20:12 tyler.adam.lazenby gawwww
# Jun 23rd 2021, 20:12 tyler.adam.lazenby ok now i have done that... but now the security component is throwing an error
# Jun 23rd 2021, 20:11 steinkel https://book.cakephp.org/4/en/controllers/components/form-protection.html#disabling-form-tampering-for-specific-actions
# Jun 23rd 2021, 20:11 tyler.adam.lazenby That is exactly what I am trying to disable... I don't know how
# Jun 23rd 2021, 20:10 steinkel you are not posting a form
# Jun 23rd 2021, 20:10 steinkel don't enable FormProtection in your webhooks, they are going to be called by an external entity that's not going to get the required tokens configured
# Jun 23rd 2021, 20:09 tyler.adam.lazenby Which I don't understand because the action is literally just going to be an endpoint for a webhook
# Jun 23rd 2021, 20:04 tyler.adam.lazenby @kevin.pfeifer Form protection. sorry I didn't flag
# Jun 23rd 2021, 20:02 tyler.adam.lazenby FormProtection
# Jun 23rd 2021, 20:02 kevin.pfeifer @tyler.adam.lazenby this exception only gets thrown by either the SecurityComponent or the FormProtector. Can you tell from the callstack which it is?
# Jun 23rd 2021, 20:00 kevin.pfeifer @sebastiansperandio093 a postlink is just an extra form that only gets submitted after you confirm the alert box So you need to find the corresponding form by the ID and adjust the action it would post to
# Jun 23rd 2021, 19:56 sebastiansperandio093 I need to update $article->id var with jquery (depending of an ajax response)
# Jun 23rd 2021, 19:55 sebastiansperandio093 ```<?= $this->Form->postLink( 'Delete', ['action' => 'delete', $article->id], ['confirm' => 'Are you sure?']) ?>```