I am trying to make a POST request to add a new post, however I am getting a ‘BAD CSRF’ error. My understanding is that API requests are supposed to be checked for a CSRF token if my request contains the api key. Here is my request and associated response…am I missing something?
curl -v 'http://localhost:3000' --data 'raw=This+is+the+new+body+of+the+topic&category=4&title=Sample+New+Topic' -H 'api_key:myLongAPIKey' -H 'api_username:myusername'
* upload completely sent off: 101 out of 101 bytes < HTTP/1.1 403 Forbidden * Server nginx is not blacklisted < Server: nginx < Date: Tue, 16 Sep 2014 23:20:16 GMT < Content-Type: text/html; charset=utf-8 < Transfer-Encoding: chunked < Connection: keep-alive < Status: 403 Forbidden < X-Frame-Options: SAMEORIGIN < X-XSS-Protection: 1; mode=block < X-Content-Type-Options: nosniff < X-Request-Id: 9177c562-77f8-45bb-bbd0-502bad52e020 < X-Runtime: 0.074701 < Set-Cookie: __profilin=p%3Dt; path=/ < * Connection #0 to host localhost:3000 left intact ['BAD CSRF']