BAD CSRF on user modification

tschuerle · 6 يوليو 2020، 2:19م

Hi everyone,

we running in ["BAD CSRF"] Errors (403, Forbidden) at the moment.
Request with API-Key looks like:
Url: https://<domain>/u/tschuerle.json?api_key=<valid key>&api_username=tschuerle
Body: { "hide_profile_and_presence": true }
Method: PUT
Headers: "Content-Type" to "application/json"

According to the web-hook logs It worked until April. At the moment we are running the lastest stable version 2.5.0.

Usecase: Set profiles to private after user-creation via web-hook and let the user’s decide on their own, if they want to make their profile public.

Any hints?

Thanks,
Thomas

Falco · 6 يوليو 2020، 3:08م

API Keys now need to be set as headers instead of URL parameters. Check docs.discourse.org for details.

tschuerle · 6 يوليو 2020، 3:20م

Oh, I missed that. It’s working with that
Thank you @Falco

system · 5 أغسطس 2020، 3:20م

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

الموضوع		الردود	مرات العرض
'BAD CSRF' while creating a new post Support	2	1817	23 مايو 2020
"BAD CSRF" when executing PUT using API, curl, and PHP Dev rest-api	6	2271	4 مايو 2024
Getting ["BAD CSRF"] when updating topic via API [python] Dev rest-api	2	955	9 أغسطس 2021
Problem updating user custom_fields created by a plugin Dev	9	1231	18 أبريل 2019
403 Error during multiple API calls Dev rest-api	3	1584	17 أبريل 2020

BAD CSRF on user modification

الموضوعات ذات الصلة