Ryan_NR
(Ryan)
June 22, 2020, 3:26pm
1
Howdy!
I’m trying to run an API call to create a new topic. Discourse API Docs
Using Postman I am sending in the API Key / Username / Content-Type as Headers, and JSON data in the body.
I have verified the API Username and Key are correct, but, the API call returns the HTML of our sign in page.
Is this expected? How can I work around that?
1 Like
Falco
(Falco)
June 22, 2020, 4:35pm
2
Can you please paste the cURL
version of the API call you are trying to make?
4 Likes
Ryan_NR
(Ryan)
June 23, 2020, 7:05am
3
Sure…
curl -X POST 'https://staging-discuss.newrelic.com/posts.json' \
-H 'Api-Username: RyanVeitch' -i \
-H 'Api-Key: My-API-Key' -i \
-H 'Content-Type: application/json' \
-d \
'{
"title": "My fancy title",
"raw": "Some random text to fill my topic",
"category": 212,
"created_at": "2020-06-22"
}'
In the terminal I get this output:
HTTP/1.1 307 Temporary Redirect
Proxied-By: Service Gateway
Strict-Transport-Security: max-age=31536000; includeSubDomains
Location: https://staging-login.newrelic.com/login?return_to=https%3A%2F%2Fstaging-discuss.newrelic.com%2Fposts.json
content-type: text/plain;charset=UTF-8
content-length: 138
Redirecting to a different URI: https://staging-login.newrelic.com/login?return_to=https%3A%2F%2Fstaging-discuss.newrelic.com%2Fposts.json%
1 Like
Ryan_NR
(Ryan)
June 23, 2020, 3:36pm
4
Let me know if you need anything else from my side to help in troubleshooting
Falco
(Falco)
June 23, 2020, 5:16pm
5
Appears that you have a very custom setup with a proxy in the middle.
That is not standard Discourse behavior, so it looks like this is caused by your special proxy thing.
Maybe there is a special Header you can send to bypass the proxy? Gotta check with that product docs.
6 Likes
Ryan_NR
(Ryan)
June 24, 2020, 6:45am
6
Cool! Thanks @Falco - I’ll dig in with our dev team
2 Likes
Ryan_NR
(Ryan)
June 25, 2020, 9:31am
7
Hey @Falco - I managed to get through the proxy but I’m now being hit by 403 BAD CSRF
Errors.
I see this thread seems kinda unfinished…
Can you share with me your actual ruby code to make this request? I’m unable to reproduce this locally. Here is the Postman json call I’m making and I’m always getting a response back:
[image]
[image]
Also I don’t think you need the extra post["raw"] parameter.
Parameters: {"title"=>"RT @love_se4: One of those hidden gems in the local community, you just have to try. Over 170 different gins. Proper mixologists who know h…", "raw"=>"https://twitter.com/se23_tweets/status/1127663613412630529"…
Do you have any thoughts on how to beat these errors?
2 Likes
blake
(Blake Erickson)
June 25, 2020, 3:37pm
8
I just tested your example curl command locally and it is working fine for me so the syntax is all correct. Is is possible the proxy is stripping some headers? That could be why you are getting the BAD CSRF errors because it can no longer read/access the api credentials.
3 Likes
Ryan_NR
(Ryan)
June 25, 2020, 3:51pm
9
Thanks @blake
Our proxy is fully custom in house built and it’s a front layer to the public.
I’m VPN’d into our internal network & I’m not hitting the public URL, I’m hitting the backend (behind proxy) URL, so, the requests shouldn’t be going through the proxy.
Our staging discourse instance is v 2.3.10
Does the API behave differently on that version?
1 Like
blake
(Blake Erickson)
June 25, 2020, 4:09pm
10
Nope, v2.3.10 still has all the header based auth stuff so it shouldn’t behave any different.
You are hitting this line:
https://github.com/discourse/discourse/blob/632ef306e20c8857c23795baabe05a7617c490a1/app/controllers/application_controller.rb#L41
which means your request is malformed in some way and it can’t detect that it is an api request.
2 Likes
blake
(Blake Erickson)
June 25, 2020, 4:25pm
11
Because this is a staging instance and not local you will have nginx or some other webserver running before it hits discourse. It’s possibly nginx is stripping some headers depending on your config. These may show up in the nginx logs.
This is the line where it reads the api credentials out of the request headers. You could also add some debug statements to this file to figure out if the headers are getting this far.
https://github.com/discourse/discourse/blob/632ef306e20c8857c23795baabe05a7617c490a1/lib/auth/default_current_user_provider.rb#L48
4 Likes
Ryan_NR
(Ryan)
June 25, 2020, 5:07pm
12
@blake
Thanks! I’ll take this up with our dev team
Appreciate your help
1 Like
system
(system)
Closed
July 25, 2020, 5:07pm
13
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.