Log message #4266289

# At Username Text
# Jun 23rd 2021, 22:58 ljolley Does anyone know if there is a way to define the `setFrom` for a `Cake\Mailer\Mailer` in the `EmailTransport` defined in `/config/app.php` so it doesn't have to be set every time an email is generated?
# Jun 23rd 2021, 22:55 sebastiansperandio093 thanks! I supposed something like that. I was looking for some ideas. Thanks Kevin
# Jun 23rd 2021, 21:26 tyler.adam.lazenby Right, and I think just using the `getData()` method will work fine it is a json body that gets sent over.
# Jun 23rd 2021, 21:25 kevin.pfeifer ```$this->request->getParsedBody();``` will give you the json directly if you desire that more
# Jun 23rd 2021, 21:24 tyler.adam.lazenby thank you!!!!!!!!
# Jun 23rd 2021, 21:24 kevin.pfeifer with `$this->request->getBody()` you get a PhpInputStream. If you want the unparsed body, you need to call ```$this->request->getBody()->getContents()```
# Jun 23rd 2021, 21:19 tyler.adam.lazenby thank you so much
# Jun 23rd 2021, 21:19 kevin.pfeifer let me check with one of my json post data
# Jun 23rd 2021, 21:16 tyler.adam.lazenby and the stream interface... has issues
# Jun 23rd 2021, 21:16 tyler.adam.lazenby I need the string version of the body
# Jun 23rd 2021, 21:14 kevin.pfeifer or `$this->request->getParsedBody();` if you want the parsed body :) See also https://github.com/cakephp/cakephp/blob/master/src/Http/ServerRequest.php#L1271
# Jun 23rd 2021, 21:13 kevin.pfeifer you can also check `$this->request->getBody();`
# Jun 23rd 2021, 21:12 tyler.adam.lazenby just wanna do it the cake way as much as possible though
# Jun 23rd 2021, 21:12 tyler.adam.lazenby I just know that the command above is what works on my old source code
# Jun 23rd 2021, 21:11 tyler.adam.lazenby I wasn't sure if it would
# Jun 23rd 2021, 21:11 kevin.pfeifer so does `$this->request->getData();` not return what you expect?
# Jun 23rd 2021, 21:07 tyler.adam.lazenby basically I need the equivalent of `file_get_contents('php://input')`
# Jun 23rd 2021, 21:06 tyler.adam.lazenby before I get any further, I would like to ask what you would say to do when I am going to need the request body to be able to hash and see if the signature matches?
# Jun 23rd 2021, 20:17 tyler.adam.lazenby I know all about that
# Jun 23rd 2021, 20:17 steinkel but for regular forms you have this one and his cousing ```$this->enableCsrfToken();```
# Jun 23rd 2021, 20:17 tyler.adam.lazenby I was avoiding using the enablecsrf()
# Jun 23rd 2021, 20:16 tyler.adam.lazenby yeah]
# Jun 23rd 2021, 20:16 steinkel hehe, well you actually don't want that at all in a webhook
# Jun 23rd 2021, 20:16 kevin.pfeifer well that would have been a good info at the start of this whole journey :)
# Jun 23rd 2021, 20:16 steinkel integration unit tests
# Jun 23rd 2021, 20:15 steinkel ```$this->enableSecurityToken();``` you have that for unit tests
# Jun 23rd 2021, 20:14 tyler.adam.lazenby and that finally got me to be able to post on unit tests!
# Jun 23rd 2021, 20:14 tyler.adam.lazenby Thank you
# Jun 23rd 2021, 20:14 steinkel in any case, validate your inputs to ensure they match your expected types and limits
# Jun 23rd 2021, 20:13 steinkel yeah, some checksum calculated with a salted hash based on selected params, or similar approach would work just fine
# Jun 23rd 2021, 20:13 tyler.adam.lazenby oh I will. I am going to be following woocommerce's secret validation protecol
# Jun 23rd 2021, 20:12 steinkel and, for your webhooks ensure you validate your input first thing
# Jun 23rd 2021, 20:12 steinkel disable it too
# Jun 23rd 2021, 20:12 tyler.adam.lazenby gawwww
# Jun 23rd 2021, 20:12 tyler.adam.lazenby ok now i have done that... but now the security component is throwing an error
# Jun 23rd 2021, 20:11 steinkel https://book.cakephp.org/4/en/controllers/components/form-protection.html#disabling-form-tampering-for-specific-actions
# Jun 23rd 2021, 20:11 tyler.adam.lazenby That is exactly what I am trying to disable... I don't know how
# Jun 23rd 2021, 20:10 steinkel you are not posting a form
# Jun 23rd 2021, 20:10 steinkel don't enable FormProtection in your webhooks, they are going to be called by an external entity that's not going to get the required tokens configured
# Jun 23rd 2021, 20:09 tyler.adam.lazenby Which I don't understand because the action is literally just going to be an endpoint for a webhook
# Jun 23rd 2021, 20:04 tyler.adam.lazenby @kevin.pfeifer Form protection. sorry I didn't flag