Hi, I’m looking for a way to hide the search parameters displayed in the browser URL using the plugin in question with CakePHP 4. If that’s not possible, alternative tactics are also welcome. Thanks.
I guess my question would be why? The person that searched will surely know what they just searched for, so why hide it? I believe the plugin uses the PRG paradigm, which is generally agreed to be more user-friendly than just posting data.
Users search based on what they see, but the corresponding data in the record is confidential. For example, they can select people’s names, but in the record, those same people are identified by their tax code.
But how does not including the search parameters in the URL make anything more secure or confidential? I’m not trying to be difficult, I’m trying to understand your problem, so that a useful solution might be suggested.
You can always proxy them away using a “hash map”.
So the exact conditions are hidden behind a ?q=xyz (can be UUID or other random values)
And xyz string internally resolves back into the array of conditions for example.
If dynamic, this likely needs to be a DB table for lookup (from json stored data somewhere).
If you only have a few options, this could be a hardcoded map.
Thats not transparent of course, but thats the goal here clearly 
Fun fact: The new Cake53 pagination system I built also does allow similar grouping and sorting for general cases, you can add inifite things within one “x asc/desc” and make those not exposed.
Yes, perhaps I phrased the question incorrectly. My goal is to not display the parameters in the URL, but at the same time, I’m aware that the best solution would be to pass the data as securely as possible.
I still am not understanding the use case where “process the data securely” and “display the parameters in the URL” are mutually incompatible things. If a user can see certain data, then it shouldn’t matter if it’s in the URL or not. If they can’t see it, they should not be able to see it anywhere, URL or otherwise.
Thanks for the advice, which pointed me toward a strategy that uses encrypted cookies. I solved the problem, thank you very much.