-
Notifications
You must be signed in to change notification settings - Fork 2.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CSRF for API calls #1681
Comments
@artursmolarek are you accessing the API programmatically through something like curl or are you using the browser? Could you possible post the entirety of your POST/PUT request, including the headers that you're sending along? |
You are right. That was problem with my Chrome extension (postman). Looks that it shares session with UI. Using curl is better, but I have another problem.
Is this URL ok? I could`t find official documentation anywhere. Edit: |
hello, I got the same problem with "CSRF header and cookie do not match". Get Method is working fine. but not for POST. Here is my HTTP POST request output: Request Headers: Sent Cookie: |
@artursmolarek i'm also facing the same issue.Can you please provide the solution if you resolved this issue. |
You're hitting the CSRF check because you're sending a User-Agent that looks like a browser (contains (Or if you really want, you can send the value of the CSRF cookie as an |
@vincent99 i want to get some service apis(which are jsons) to my Application.I am sending the request from postman for now..sending CATTLE_ACCESS_KEY,CATTLE_SECRET_KEY,X-Api-Csrf in headers. But i'm getting this error |
Access key and secret key aren't headers. The API does http basic auth. |
@vincent99 can you provide me any references how to access rancher service apis(jsons) from external application(like scala..) |
@vincent99 If i enable interceptor in postman i'm able to get the json,but when i tried with scala rest client application endedup with "Unauthorized" error. We used github authentication for Rancher. From scala application how to do authentication? |
|
I am trying to use API provided by Rancher UI.
When I call "GET /v1/containers", API returns list of my containers.
But when I replace GET by POST/PUT I got:
I am using basic auth with generated credentials.
I have tried to call other URLs, but with the same result.
How can I disable CSRF? Or what should I change in my request?
The text was updated successfully, but these errors were encountered: