The issue is the user-agent header in the request:
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.106 Safari/537.36
XNAT checks requests and, if a request comes from an “interactive agent”–i.e. a browser or something similar–it tests that the CSRF token matches the token stored in the user’s login session. This is to prevent cross-site request forgeries by malicious scripts embedded in the browser or other sites or whatever. If the request does not come from an interactive agent–e.g. curl, httpie, or other command-line tools–XNAT doesn’t check for the CSRF token.
In your case, this request appears to XNAT to be coming from an interactive agent, specifically Chrome v80 on Windows 10, so it’s checking the CSRF token, not finding it, and letting you know.
There are three ways to solve this:
HTH
--
Rick Herrick
Sr. Programmer/Analyst
Neuroinformatics Research Group
Washington University School of Medicine
Phone: +1 (314) 273-1645
--
You received this message because you are subscribed to the Google Groups "xnat_discussion" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
xnat_discussi...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/xnat_discussion/e0c7e428-06ff-4f29-86ae-d6678a0c757e%40googlegroups.com.
The materials in this message are private and may contain Protected Healthcare Information or other information of a sensitive nature. If you are not the intended recipient, be advised that any unauthorized use, disclosure, copying or the taking of any action in reliance on the contents of this information is strictly prohibited. If you have received this email in error, please immediately notify the sender via telephone or return mail.