debug_kit | Debug Toolbar for CakePHP applications | Web Framework library

I have an app in cakephp 3 which started to report open_basedir restriction in effect. File(/) is not within the allowed path(s) a few weeks ago. I tried to debug it but I wasn't successful in finding the reason why. The app worked okay for like 2.5 years and it just started to appear now but without any changes of code parts which use caching or changing config. In config I have "path" set correctly for every cache mode. And it also is not from consistent url/method. It appears randomly in like less than 1% of calls now. It was more often the first week or so. Is there any way how to debug this and find the reason? Do you know any possible reason for this behavior? I have tried everything I could think of but without success.

Example of config:

I'm trying to get an ajax request working in CakePHP4, but keep running into the CSRF protection.

In my controller:

CakePHP Version: 4.0.1

Introduction

This problem follows on from another problem I had here where a not ideal solution was to redirect back to itself. Unfortunately the controller I was testing didn't have any associated columns so this new problem was not identified.

I referenced this in the cookbook.

Hopefully the below code will allow the problem to be reproduced.

Contacts Table

I set up CakePHP 4.0.6 on my Lubuntu. Using a local Apache Server. Installation went fine I can see the welcome page.

Then I startet the CMS Tutorial, created the tables in the database and then created everything with bake ./cake bake all --everything This worked fine as well and I could see the /users/index page.

Next of course I tried to play with the cms by adding an user, the form was shown and i filled in the requested information but upon submitting i got this error: Missing CSRF token body

Stacktrace:

[Cake\Http\Exception\InvalidCsrfTokenException] Missing CSRF token body in /home/david/Software/cakePhpTest/vendor/cakephp/cakephp/src/Http/Middleware/CsrfProtectionMiddleware.php on line 254 Stack Trace: - /home/david/Software/cakePhpTest/vendor/cakephp/cakephp/src/Http/Middleware/CsrfProtectionMiddleware.php:133 - /home/david/Software/cakePhpTest/vendor/cakephp/cakephp/src/Http/Runner.php:73 - /home/david/Software/cakePhpTest/vendor/cakephp/cakephp/src/Http/Runner.php:58 - /home/david/Software/cakePhpTest/vendor/cakephp/cakephp/src/Routing/Middleware/RoutingMiddleware.php:162 - /home/david/Software/cakePhpTest/vendor/cakephp/cakephp/src/Http/Runner.php:73 - /home/david/Software/cakePhpTest/vendor/cakephp/cakephp/src/Routing/Middleware/AssetMiddleware.php:68 - /home/david/Software/cakePhpTest/vendor/cakephp/cakephp/src/Http/Runner.php:73 - /home/david/Software/cakePhpTest/vendor/cakephp/cakephp/src/Error/Middleware/ErrorHandlerMiddleware.php:119 - /home/david/Software/cakePhpTest/vendor/cakephp/cakephp/src/Http/Runner.php:73 - /home/david/Software/cakePhpTest/vendor/cakephp/debug_kit/src/Middleware/DebugKitMiddleware.php:60 - /home/david/Software/cakePhpTest/vendor/cakephp/cakephp/src/Http/Runner.php:73 - /home/david/Software/cakePhpTest/vendor/cakephp/cakephp/src/Http/Runner.php:58 - /home/david/Software/cakePhpTest/vendor/cakephp/cakephp/src/Http/Server.php:90 - /home/david/Software/cakePhpTest/webroot/index.php:40 Request URL: /users/add Referer URL: http://localhost:8765/users/add Client IP: 127.0.0.1

What really puzzles me is that according to CakePHP Documentation cross site request forgery protection would have to be enabled in src/Application.php which is not in a freshly installed project. I checked.

So how can something that is not enabled cause an error.

To see what happend if i would enable it, i copied the code from the documentation:

I'm following the upgrade instructions for moving a CakePHP project to version 4. All went well until the final command:

php composer.phar require --update-with-dependencies "cakephp/cakephp:4.0.*"

This resulted in

Problem 1

• cakephp/bake 1.11.2 requires cakephp/cakephp ^3.8.0 -> satisfiable by cakephp/cakephp[3.8.0, >>3.8.0-RC1, 3.8.0-RC2, 3.8.0-RC3, 3.8.0-beta1, 3.8.1, 3.8.10, 3.8.11, 3.8.2, 3.8.3, 3.8.4, >>3.8.5, 3.8.6, 3.8.7, 3.8.8, 3.8.9, 3.x-dev] but these conflict with your requirements or >.minimum-stability.
• cakephp/bake 1.11.2 requires cakephp/cakephp ^3.8.0 -> satisfiable by cakephp/cakephp[3.8.0, 3.8.0-RC1, 3.8.0-RC2, 3.8.0-RC3, 3.8.0-beta1, 3.8.1, 3.8.10, 3.8.11, 3.8.2, 3.8.3, 3.8.4, 3.8.5, 3.8.6, 3.8.7, 3.8.8, 3.8.9, 3.x-dev] but these conflict with your requirements or minimum-stability.
• cakephp/bake 1.11.2 requires cakephp/cakephp ^3.8.0 -> satisfiable by cakephp/cakephp[3.8.0, 3.8.0-RC1, 3.8.0-RC2, 3.8.0-RC3, 3.8.0-beta1, 3.8.1, 3.8.10, 3.8.11, 3.8.2, 3.8.3, 3.8.4, 3.8.5, 3.8.6, 3.8.7, 3.8.8, 3.8.9, 3.x-dev] but these conflict with your requirements or minimum-stability.
• Installation request for cakephp/bake (locked at 1.11.2, required as ^1.9.0) -> satisfiable by cakephp/bake[1.11.2].

The VERSION.txt for the project shows CakePHP at 3.8.11.

In the composer.json file: