BAD CSRF on user modification

tschuerle · 6. Juli 2020 um 14:19

Hi everyone,

we running in ["BAD CSRF"] Errors (403, Forbidden) at the moment.
Request with API-Key looks like:
Url: https://<domain>/u/tschuerle.json?api_key=<valid key>&api_username=tschuerle
Body: { "hide_profile_and_presence": true }
Method: PUT
Headers: "Content-Type" to "application/json"

According to the web-hook logs It worked until April. At the moment we are running the lastest stable version 2.5.0.

Usecase: Set profiles to private after user-creation via web-hook and let the user’s decide on their own, if they want to make their profile public.

Any hints?

Thanks,
Thomas

Falco · 6. Juli 2020 um 15:08

API Keys now need to be set as headers instead of URL parameters. Check docs.discourse.org for details.

tschuerle · 6. Juli 2020 um 15:20

Oh, I missed that. It’s working with that
Thank you @Falco

system · 5. August 2020 um 15:20

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Thema		Antworten	Aufrufe
'BAD CSRF' while creating a new post Support	2	1827	23. Mai 2020
"BAD CSRF" when executing PUT using API, curl, and PHP Dev rest-api	6	2294	4. Mai 2024
Getting ["BAD CSRF"] when updating topic via API [python] Dev rest-api	2	957	9. August 2021
Problem updating user custom_fields created by a plugin Dev	9	1245	18. April 2019
403 Error during multiple API calls Dev rest-api	3	1592	17. April 2020

BAD CSRF on user modification

Verwandte Themen