Defect #15424
closedFilter chain halted as :verify_authenticity_token rendered or redirected
0%
Description
When executing a post request to creat a User using a Java Jersey client and the API access key, I get the following error:
Started POST "/users.xml?key=984434......." for 194.208.16.210 at 2013-11-21 10:01:43 +0100 Processing by UsersController#create as XML Parameters: {"user"=>{"id"=>"0", "login"=>"jdoe", "firstname"=>"John", "lastname"=>"Doe", "mail"=>"john@doe.at", "password"=>"[FILTERED]", "created_on"=>"2013-11-21T10:01:43.650+01:00"}, "key"=>"984434......."} WARNING: Can't verify CSRF token authenticity API calls must include a proper Content-type header (application/xml or application/json). Filter chain halted as :verify_authenticity_token rendered or redirected Completed 422 Unprocessable Entity in 0.4ms (ActiveRecord: 0.0ms)
I do not find a way to get the resp. Token via REST, is there even one provided?
According to http://stackoverflow.com/questions/10167956/rails-shows-warning-cant-verify-csrf-token-authenticity-from-a-restkit-post it would be safe to remove :verify_authenticity_token
for calls coming via API.
Files
Related issues
Updated by Marco Descher about 11 years ago
- File output.png output.png added
I tried several approaches, enclosed you see the direct packet post request, and here the according log output
Started POST "/users.xml?key=98432342...." for 194.208.16.210 at 2013-11-21 11:24:30 +0100 Processing by UsersController#create as XML Parameters: {"user"=>{"login"=>"jplang", "firstname"=>"Jean-Philippe", "lastname"=>"Lang", "password"=>"[FILTERED]", "mail"=>"jp_lang@yahoo.fr"}, "key"=>"98432342"} WARNING: Can't verify CSRF token authenticity API calls must include a proper Content-type header (application/xml or application/json). Filter chain halted as :verify_authenticity_token rendered or redirected Completed 422 Unprocessable Entity in 0.4ms (ActiveRecord: 0.0ms)
Updated by Marco Descher about 11 years ago
2.3.3 works - output delivers a reason
Started POST "/users.xml?key=dsdfsd" for 194.208.16.210 at 2013-11-21 11:43:34 +0100 Processing by UsersController#create as XML Parameters: {"user"=>{"login"=>"jplang", "firstname"=>"Jean-Philippe", "lastname"=>"Lang", "password"=>"[FILTERED]", "mail"=>"jp_lang@yahoo.fr"}, "key"=>"dsdsd"} WARNING: Can't verify CSRF token authenticity Current user: wfeconnector (id=4) Rendered common/error_messages.api.rsb (0.4ms) Completed 422 Unprocessable Entity in 34ms (Views: 2.5ms | ActiveRecord: 2.1ms)
HTTP Response
HTTP/1.1 422 Unprocessable Entity Date: Thu, 21 Nov 2013 10:43:34 GMT Server: Apache/2.2.22 (Debian) X-UA-Compatible: IE=Edge,chrome=1 Cache-Control: no-cache X-Request-Id: 485987ed29c474535edc40ed6da973f3 X-Runtime: 0.039722 X-Rack-Cache: invalidate, pass X-Powered-By: Phusion Passenger 4.0.18 Set-Cookie: _redmine_session=BAh7BkkiD3Nlc3Npb25faWQGOgZFRkkiJTY0ZTgyYjYwNjNiZjk5YmI1MTQzOTIxODYxOTcyMjEyBjsAVA%3D%3D--efbe3629d7071d5e7edffd65a5530dadc44c6343; path=/; HttpOnly Set-Cookie: autologin=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT Status: 422 Unprocessable Entity Transfer-Encoding: chunked Content-Type: application/xml; charset=utf-8 <?xml version="1.0" encoding="UTF-8"?><errors type="array"><error>Kennwort ist zu kurz (nicht weniger als 8 Zeichen)</error></errors>
Updated by Marco Descher about 11 years ago
I tried this. The call works flawlessly on 2.3.3, it however fails on 2.4.0!
Please check REST API POST access in 2.4.0!
Updated by Jean-Philippe Lang about 11 years ago
- Status changed from New to Closed
- Resolution set to Duplicate
Fixed in 2.4.1 that will be released tomorrow, see #15427.
Updated by Jean-Philippe Lang about 11 years ago
- Is duplicate of Defect #15427: REST API POST and PUT broken added
Updated by Mischa The Evil almost 10 years ago
- Related to Defect #10780: Logout by using POST REST API added