Invalid CSRF token


Farid Le Moullec

Oct 12, 2021, 9:03:44 AM
to DSpace Technical Support

Hi,

We are testing DSpace 7 BackEnd and we want to access APIs from Postman or Java programs. It's OK for GET but not for POST requests.

Our settings: backend in https with Tomcat server like this:

<Connector port="8080" protocol="HTTP/1.1"
           SSLEnabled="true" scheme="https"
           keystoreFile="ssl/filename.jks" keystorePass="archimed"
           clientAuth="false" sslProtocol="TLS"
           connectionTimeout="20000"
           redirectPort="8443" />

The https is working well.

Have you any ideas of what's going wrong?

Thank you

Farid

Tim Donohue

Oct 12, 2021, 12:04:31 PM
to DSpace Technical Support
Hi Farid,

All non-GET / modifying requests to the v7 REST API *require* a valid CSRF token to be passed.  You can find information about how to obtain the CSRF token (it's usually sent back to you on your first GET, but may be updated after login/logout, etc) and how to send it back in our REST API Contract docs at https://github.com/DSpace/RestContract/blob/main/csrf-tokens.md

If you have further questions, let us know on this list.

Tim
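
The token round trip described in the reply above, as an added example that is not part of the original thread or DSpace's own code: a constructed in-process mock enforces the cookie/header match and a small client tracks the newest token. The names `DSPACE-XSRF-TOKEN`, `DSPACE-XSRF-COOKIE` and `X-XSRF-TOKEN` do not appear in the thread and should be confirmed against the linked csrf-tokens.md; the mock rotating the token after every accepted modifying request is an assumption standing in for the login/logout refresh.

```python
import secrets

TOKEN_HEADER = "DSPACE-XSRF-TOKEN"   # response header carrying a new token
COOKIE_NAME = "DSPACE-XSRF-COOKIE"   # cookie holding the server-issued copy
REQUEST_HEADER = "X-XSRF-TOKEN"      # request header the client echoes it in
SAFE = {"GET", "HEAD", "OPTIONS", "TRACE"}

def mock_backend(method, headers):
    """Constructed stand-in for the REST API: only the CSRF check is modelled."""
    prefix = COOKIE_NAME + "="
    cookie = headers.get("Cookie", "")
    sent_cookie = cookie[len(prefix):] if cookie.startswith(prefix) else ""
    if method not in SAFE:
        echoed = headers.get(REQUEST_HEADER, "")
        if not sent_cookie or not secrets.compare_digest(sent_cookie, echoed):
            return 403, {}, "Invalid CSRF token"
    elif sent_cookie:
        return 200, {}, "ok"
    # First contact, or an accepted modifying request: issue a fresh token.
    token = secrets.token_hex(16)
    return 200, {TOKEN_HEADER: token, "Set-Cookie": prefix + token}, "ok"

class CsrfClient:
    """Remembers the latest token and attaches it to every request."""
    def __init__(self, send):
        self.send = send   # callable(method, headers) -> (status, headers, body)
        self.token = None

    def request(self, method):
        headers = {}
        if self.token:
            headers["Cookie"] = f"{COOKIE_NAME}={self.token}"
            if method not in SAFE:
                headers[REQUEST_HEADER] = self.token
        status, resp_headers, body = self.send(method, headers)
        # The server may rotate the token on any response; keep the newest one.
        self.token = resp_headers.get(TOKEN_HEADER, self.token)
        return status, body

def demo():
    client = CsrfClient(mock_backend)
    rejected = client.request("POST")    # no token yet
    client.request("GET")                # token arrives with the response
    old = client.token
    accepted = client.request("POST")    # token echoed; mock rotates it
    # Cookie jar holds the new token but the header was copied earlier: mismatch.
    stale = mock_backend("POST", {"Cookie": f"{COOKIE_NAME}={client.token}",
                                  REQUEST_HEADER: old})
    return rejected[0], accepted[0], stale[0], client.request("POST")[0]
```

The third result is the case a hand-configured Postman request tends to hit: the cookie jar updates automatically while a pasted header value goes stale.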
