You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The API supports guest uploads, via the vid parameter: https://docs.filesender.org/filesender/v2.0/rest/#guest-token. However, the API still checks the security tokens (Csrftoken and X-Filesender-Security-Token) for guest requests, which the user can't obtain using the API. Failing to provide these gives rest_xsrf_token_did_not_match.
Considering this, I wonder how it might be possible to support an API-only workflow for guest uploading?
The text was updated successfully, but these errors were encountered:
The API calls are made with AuthRemote being the authentication on the server side. We could either allow these security tokens to be read from the server or disable the checking of them for AuthRemote requests. It probably makes most sense to use Auth::isRemote() to allow both native REST calls and remote applications to avoid the xsrf checks.
The API supports guest uploads, via the
vid
parameter: https://docs.filesender.org/filesender/v2.0/rest/#guest-token. However, the API still checks the security tokens (Csrftoken
andX-Filesender-Security-Token
) for guest requests, which the user can't obtain using the API. Failing to provide these givesrest_xsrf_token_did_not_match
.Considering this, I wonder how it might be possible to support an API-only workflow for guest uploading?
The text was updated successfully, but these errors were encountered: