CSRF token not sent when calling the back-end?

My system is composed of a NuxtJs and an AdonisJs application. Adonis handles CSRF tokens for us by sending:

    set-cookie: adonis-session=XXX; Path=/; HttpOnly
    set-cookie: XSRF-TOKEN=XXX; Max-Age=7200; Path=/; SameSite=Strict
    set-cookie: adonis-session-values=XXX; Path=/; HttpOnly

Now from what I can see, it will set a cookie that can be sent only by a browser. And only if the host is the same. From my understanding, from that point on, the browser is the one that will auto-attach cookies like that to each request. The problem is, when the Nuxt application is making an API request to the back-end, I do not see any CSRF token being sent when looking at the traffic through BurpSuite.

And naturally adonis will reply with "Invalid CSRF Token", and respond with status code 500.

I’m not sure what I am missing; I fail to understand why the browser is not sending that cookie. And just as extra information, I’ve failed to find it through the browser’s inspector window (Storage tab). Is it possible that the cookie is not set?

I’ve seen other posts regarding this issue, but they were not helpful because the solution was composed of reading a cookie and manually sending it as the header. Which I do not advise, and is not the model I’m going to implement. I would rather leave it to the back-end framework and browser to do the job for me, because as we all know, there would be less room for me to make a mistake.

Thank you for reading this.
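The following is an added example, not part of the original post and not AdonisJs's own code. It is a simplified double-submit check built around the three Set-Cookie headers quoted above, showing which cookie page script can read and why a state-changing request that carries no token header is rejected. The header name `x-xsrf-token`, the function names and all values are assumptions made for illustration; production frameworks usually also sign or encrypt the token and bind it to the session.

```javascript
// Constructed sample: the Set-Cookie headers from the post, with placeholder values.
const setCookieHeaders = [
  "adonis-session=SESSION_PLACEHOLDER; Path=/; HttpOnly",
  "XSRF-TOKEN=TOKEN_PLACEHOLDER; Max-Age=7200; Path=/; SameSite=Strict",
  "adonis-session-values=VALUES_PLACEHOLDER; Path=/; HttpOnly",
];

// Parse one Set-Cookie header into its name, value and the two attributes of interest.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((part) => part.trim());
  const eq = pair.indexOf("=");
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), httpOnly: false, sameSite: null };
  for (const attr of attrs) {
    const [key, val] = attr.split("=");
    if (key.toLowerCase() === "httponly") cookie.httpOnly = true;
    if (key.toLowerCase() === "samesite") cookie.sameSite = val;
  }
  return cookie;
}

// Names of cookies that page script can read (no HttpOnly); only these can be echoed in a header.
function scriptReadableCookies(headers) {
  return headers.map(parseSetCookie).filter((c) => !c.httpOnly).map((c) => c.name);
}

// Compare two strings without stopping at the first differing character.
function safeEqual(a, b) {
  if (typeof a !== "string" || typeof b !== "string" || a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Hypothetical server-side check: the browser attaches cookies on its own, so the
// server also requires the same value in a header that only same-origin script can set.
function verifyCsrf(req) {
  if (["GET", "HEAD", "OPTIONS"].includes(req.method)) return true; // safe methods are not checked
  const cookieToken = req.cookies["XSRF-TOKEN"];
  const headerToken = req.headers["x-xsrf-token"]; // assumed header name
  if (!cookieToken || !headerToken) return false;
  return safeEqual(cookieToken, headerToken);
}

// Constructed requests: one with no token header, one with the token echoed in the header.
const cookieOnly = { method: "POST", cookies: { "XSRF-TOKEN": "TOKEN_PLACEHOLDER" }, headers: {} };
const withHeader = { ...cookieOnly, headers: { "x-xsrf-token": "TOKEN_PLACEHOLDER" } };
console.log(scriptReadableCookies(setCookieHeaders), verifyCsrf(cookieOnly), verifyCsrf(withHeader));
```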

calling a protected method in other packages [closed]

    package com.example.sample;

    public class Test1
    {
        public enum EncodingFormat
        {
            _7Bits, _8Bits, Unknown;

            protected String tosdkString()
            {
                switch (this)
                {
                    case _7Bits: return "7";
                    case _8Bits: return "8";
                }
                return "";
            }

            static protected EncodingFormat fromString(String source)
            {
                switch (source)
                {
                    case "7": return _7Bits;
                    case "8": return _8Bits;
                }
                return Unknown;
            }
        }
    }

    package com.example.destination;

    import com.example.sample.Test1;

    public class Test2 extends Test1
    {
        protected Test2(SDK sdk)
        {
            m_sdk = sdk;
        }

        private void write(EncodingFormat encodeFormat) throws SdkException, WriteException
        {
            // The compile error is reported on this call: tosdkString() has protected access
            m_rbasdk.SetParam(PARAMETER_ID.P62_REQ_ENCODING_FORMAT, encodeFormat.tosdkString());
        }
    }

Here I am getting the error: tosdkString() has protected access in com.example.sample.test1.EncodingFormat. Can someone help me resolve this issue?

Calling a function that creates records and referencing the created records in a join

I have a function that creates records for different tables that are referenced with each other. The function returns the record from the "parent" table. So I am using that function in the FROM of my query so that I can then perform JOIN on the associated records so that I can piece the tables together. My problem is that the associated records aren’t getting returned and I know for certain that they are getting created.

From what I understand, FROM and JOIN are pretty much executed at the same time so it makes sense that the FROM's creation of the records that are used in the JOIN would not exist.

So how can I ensure that the call to the function is executed first before the JOIN is executed? I tried doing this with a CTE but to no avail.

    SELECT
      i.invoice_id,
      i.invoice_date,
      i.invoice_due_date,
      i.created_by_id,
      i.currency_id,
      i.created_at,
      si.supplier_info,
      bi.billing_info
    FROM invoices.create_shift_invoice(
      CAST(NULLIF($invoice_date, NULL) AS TIMESTAMP),
      CAST(NULLIF($invoice_due_date, NULL) AS TIMESTAMP),
      CAST(NULLIF($currency_id, '') AS INT8),
      CAST(NULLIF($created_by_id, '') AS INT8),
      CAST(NULLIF($supplier_info, NULL) AS JSONB),
      CAST(NULLIF($billing_info, NULL) AS JSONB),
      CAST(NULLIF($invoice_items_shifts, NULL) AS JSONB)
    ) i
    JOIN (
      SELECT
        _si.invoice_id,
        json_build_object(
          'supplier_info_id', CAST(_si.supplier_info_id AS VARCHAR),
          'invoice_id', CAST(_si.invoice_id AS VARCHAR),
          'suppler_name', _si.supplier_name
        ) AS supplier_info
      FROM invoices.supplier_infos _si
    ) si USING (invoice_id)
    JOIN (
      SELECT
        _bi.invoice_id,
        json_build_object(
          'billing_info_id', CAST(_bi.billing_info_id AS VARCHAR),
          'invoice_id', CAST(_bi.invoice_id AS VARCHAR),
          'customer_id', CAST(_bi.customer_id AS VARCHAR)
        ) AS billing_info
      FROM invoices.billing_infos _bi
    ) bi USING (invoice_id)

And here’s my attempt at a CTE:

    WITH create_shift_invoice AS (
      SELECT *
      FROM invoices.create_shift_invoice(
        CAST(NULLIF($invoice_date, NULL) AS TIMESTAMP),
        CAST(NULLIF($invoice_due_date, NULL) AS TIMESTAMP),
        CAST(NULLIF($currency_id, '') AS INT8),
        CAST(NULLIF($created_by_id, '') AS INT8),
        CAST(NULLIF($supplier_info, NULL) AS JSONB),
        CAST(NULLIF($billing_info, NULL) AS JSONB),
        CAST(NULLIF($invoice_items_shifts, NULL) AS JSONB)
      )
    )
    SELECT
      i.invoice_id,
      i.invoice_date,
      i.invoice_due_date,
      i.created_by_id,
      i.currency_id,
      i.created_at,
      si.supplier_info,
      bi.billing_info
    FROM create_shift_invoice i
    LEFT JOIN (
      SELECT
        _si.invoice_id,
        json_build_object(
          'supplier_info_id', CAST(_si.supplier_info_id AS VARCHAR),
          'invoice_id', CAST(_si.invoice_id AS VARCHAR),
          'suppler_name', _si.supplier_name
        ) AS supplier_info
      FROM invoices.supplier_infos _si
    ) si USING (invoice_id)
    LEFT JOIN (
      SELECT
        _bi.invoice_id,
        json_build_object(
          'billing_info_id', CAST(_bi.billing_info_id AS VARCHAR),
          'invoice_id', CAST(_bi.invoice_id AS VARCHAR),
          'customer_id', CAST(_bi.customer_id AS VARCHAR)
        ) AS billing_info
      FROM invoices.billing_infos _bi
    ) bi USING (invoice_id)

[ Politics ] Open Question : Why do conservatives accuse people calling for unity of being divisive?

Chanting “Black Lives Matter” is in fact a message of unity. It means that ALL LIVES don’t matter until BLACK LIVES DO! It’s an expendable term that should not even trigger conservative snowflakes. #BlackLivesMatter The riots are irrelevant. The media has been covering the riots more than the peaceful protests (which make up probably more than 90 percent of the BLM protests). Try harder, conservatives! It’s not working. So you conservatives finally decide you trust the media now that this matter is pertaining to BLM???? Yeah, I see you guys!

Call Master – Free browser based video calling ( $10 Reserve )

Hi,
I want to sell my browser based video calling website.
The site: callmaster.live
Info:
Call Master is a Free browser based video calling site for everyone.
[Short Description]
Website does not generate income yet. The script is great and customizable. Owner can add ads to the video chat window to get hours of impressions per call.

[Best features]

  1. Site allows users to video call for free directly in the browser
  2. Website is easy to transfer with HEROKU:…


JQuery calling a Custom PHP function (Works in Dev but not in WordPress)

My code is working fine on my localhost in my development environment, which is outside of the WordPress environment. I know the PHP function is working. I am able to send test votes to my server from my localhost on my PC.

Problem: I cannot get this to work in WordPress.

My Thoughts: I think it’s a path issue, but I’ve tried putting the PHP script in the root and using a full path. I am not getting any errors in the web browser console (F12).

WordPress Version: 5.4.1

I put my custom PHP code into “/wp-contents/custom-php/votifier.php”.

My jQuery script is in the header. (Yes, I know I should put it in the footer.)

The Button

    <div id="voteButton">
      <button type="button">Try it</button>
    </div>

Localhost Version

    <script>
    $(document).ready(function(){
      $("#voteButton").click(function(){
        $.post("votifier/votifier.php",
        {
          key: $.trim($("#field_yjr62").val()),
          ip: $('input[name="item_meta[40]"]').val(),
          port: $('input[name="item_meta[42]"]').val(),
          service: "Votifier",
          username: $('input[name="item_meta[59]"]').val()
        },
        function(data,status){
          alert("Data: " + data + "\nStatus: " + status);
        });
      });
    });
    </script>

WordPress Version

    <script>
    jQuery(document).ready(function( $ ) {
      jQuery("#voteButton").click(function(){
        $.post("/home/xxxxxxxxxxxx/public_html/wp-content/custom-php/votifier.php",
        {
          key: $.trim($("#field_yjr62").val()),
          ip: $('input[name="item_meta[40]"]').val(),
          port: $('input[name="item_meta[42]"]').val(),
          service: "Votifier",
          username: $('input[name="item_meta[59]"]').val()
        },
        function(data,status){
          alert("Data: " + data + "\nStatus: " + status);
        });
      });
    });
    </script>

My Custom PHP Script

    <?php

    const VOTE_FORMAT = "VOTE\n%s\n%s\n%s\n%d\n";
    const PUBLIC_KEY_FORMAT = "-----BEGIN PUBLIC KEY-----\n%s\n-----END PUBLIC KEY-----";

    $public_key     = formatPublicKey($_POST['key']);
    $server_ip      = $_POST["ip"];
    $port           = $_POST["port"];
    $service_name   = $_POST["service"];
    $username       = $_POST["username"];

    sendVote($username, $public_key, $server_ip, $port, $service_name);

    function formatPublicKey($public_key) {
        $public_key = wordwrap($public_key, 65, "\n", true);
        $public_key = sprintf(PUBLIC_KEY_FORMAT, $public_key);
        return $public_key;
    }

    function sendVote($username, $public_key, $server_ip, $port, $service_name) {

        if (php_sapi_name() !== 'cli') {
            //Detect proxy and use correct IP.
            $address = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ? $_SERVER['HTTP_X_FORWARDED_FOR'] : $_SERVER['REMOTE_ADDR'];
        } else {
            //Script is run via CLI, use server name.
            $address = $_SERVER['SERVER_NAME'];
        }

        $data = sprintf(VOTE_FORMAT, $service_name, $username, $address, time());
        openssl_public_encrypt($data, $crypted, $public_key);
        $socket = @fsockopen($server_ip, $port);

        if ($socket) {
            if (fwrite($socket, $crypted)) {
                fclose($socket);
                return true;
            }
        }

        return false;
    }
    ?>

MySQL trigger calling stored procedure always get null value for out parameter of stored procedure

My stored procedure OUT parameter always returns a null value.

Here is sample Table, Trigger and Procedure code.

Table: test
Columns:

  • id - Int
  • status - enum(‘pass’, ‘fail’) (null is allowed)

Values in a table:

    id  |  status
    1   |  null

Trigger:

    create trigger BEFORE_UPDATE_TEST
    before update on `test`
    for each row
    begin
        call Test_BEFORE_UPDATE_TEST(old.id, @updatedStatus);
        ## I always get @updatedStatus null/nil

        if (@updatedStatus is not null and @updatedStatus <> new.status) then
            set new.status = @updatedStatus;
        end if;
    end;

Procedure:

    create procedure Test_BEFORE_UPDATE_TEST (
      IN id int(5),
      OUT status enum('pass', 'fail')
    )
    begin
       @status = 'pass';
    END;

What is wrong with this code? I get an unexpected null result in @updatedStatus, which should be 'pass'.

I looked around the following Q&As on dba.stackexchange but couldn’t find a solution.

I use MySQLWorkbench in MacOS Catalina and version of MySQL is 8.0.19.