Using REST API from HTML Head/Top of Page


(Spero Koulouras) #1

I’d like to be able to create new topics using the REST API from code stuck into the top of the page. The use case for this is to provide a simple box where the user can type a short message and have it automatically placed into a fixed category. I used a JavaScript XHR to mimic “Create Topic” as closely as possible, passing the csrf-token and cookies. The POST created by “Create Topic” works and generates a new topic as it should. My POST, which looks pretty identical, does not generate an error or a log; it just fails silently. I thought I could get away without using the API key since this is from within the user’s currently logged-in session. Any thoughts?

Prototyped with the following code:

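    // Browser XHR object used for the request
    var anHttpRequest = new XMLHttpRequest();
    anHttpRequest.open("POST", "/posts", true);
    // getMetaContent is a helper not shown in the post; it is passed the name "csrf-token"
    anHttpRequest.setRequestHeader("X-CSRF-Token", getMetaContent("csrf-token"));
    anHttpRequest.setRequestHeader("X-Requested-With", "XMLHttpRequest");
    anHttpRequest.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
    // Form-encoded body with the same fields that Create Topic sends
    anHttpRequest.send("raw=another+in+the+string+of+messages&is_warning=false&category=32&archetype=regular&title=and+again+and+again");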

This generates an HTTP POST that is pretty much identical to what I see if I use Create Topic, except the new topic does not get created.

Remote Address:54.68.138.121:80
Request URL:http://dev.sennseis.com/posts
Request Method:POST
Status Code:200 OK

**Request Headers**
    POST /posts HTTP/1.1
    Host: dev.sennseis.com
    Connection: keep-alive
    Content-Length: 110
    Origin: http://dev.sennseis.com
    X-CSRF-Token: M+Cfdwd1RjaQcHO9gzg9aImTH+4Px8zYDYIoV7shJuE=
    X-Requested-With: XMLHttpRequest
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.101 Safari/537.36
    Content-type: application/x-www-form-urlencoded
    Accept: */*
    Referer: http://dev.sennseis.com/c/help-requests
    Accept-Encoding: gzip,deflate
    Accept-Language: en-US,en;q=0.8
    Cookie: guidedTour=hide; SS_MID=6bf6d0c6-ea2f-4ece-8490-9f32a4833225i10u1rhs; ss_cid=da26a397-3728-4bbc-b1e6-edd79c421bc7; _t=f044cfefc86de3779b1f25b44ed79c38; _gat=1; _ga=GA1.2.831699875.1412601719; _forum_session=BAh7CUkiD3Nlc3Npb25faWQGOgZFVEkiJTMxMGQ4ZTI5OGVmMTM4MGZjNzRhYjVmNTcyNzk0MDdmBjsAVEkiEF9jc3JmX3Rva2VuBjsARkkiMU0rQ2Zkd2QxUmphUWNITzlnemc5YUltVEgrNFB4OHpZRFlJb1Y3c2hKdUU9BjsARkkiGmRpc2FibGVfY3VzdG9taXphdGlvbgY7AEZGSSIKZmxhc2gGOwBUewdJIgxkaXNjYXJkBjsAVFsGSSIMcmVmZXJlcgY7AFRJIgxmbGFzaGVzBjsAVHsGSSIMcmVmZXJlcgY7AFQiNmh0dHA6Ly9kZXYuc2VubnNlaXMuY29tL3QvY3JlYXRlLWEtaGVscC10b3BpYy80MzE%3D--b2407c6eb3c578e8f16aa21b6494bda102b292d1

**Form Data**
    raw=another+in+the+string+of+messages&is_warning=false&category=32&archetype=regular&title=and+again+and+again

**Response Headers**
    Connection:keep-alive
    Content-Encoding:gzip
    Content-Type:application/json; charset=utf-8
    Date:Sat, 18 Oct 2014 00:32:10 GMT
    Server:nginx
    Status:200 OK
    Transfer-Encoding:chunked
    X-Content-Type-Options:nosniff
    X-Frame-Options:SAMEORIGIN
    X-Request-Id:1b94e24c-1026-48d2-a48e-889e69a029b4
    X-Runtime:0.102528
    X-UA-Compatible:IE=edge
    X-XSS-Protection:1; mode=block

And here is the HTTP POST generated by Create Topic that works. If there are any meaningful differences, they escape me. Watching the network trace in Chrome, after getting the 200 response to this POST, Discourse does a GET to jump to the post; from the network trace it is not clear where the id of the new post gets returned. I have not looked at the Discourse source yet.

Remote Address:54.68.138.121:80
Request URL:http://dev.sennseis.com/posts
Request Method:POST
Status Code:200 OK

**Request Headers**
    POST /posts HTTP/1.1
    Host: dev.sennseis.com
    Connection: keep-alive
    Content-Length: 96
    Origin: http://dev.sennseis.com
    X-CSRF-Token: M+Cfdwd1RjaQcHO9gzg9aImTH+4Px8zYDYIoV7shJuE=
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/38.0.2125.101 Safari/537.36
    Content-Type: application/x-www-form-urlencoded; charset=UTF-8
    Accept: */*
    X-Requested-With: XMLHttpRequest
    Referer: http://dev.sennseis.com/c/help-requests
    Accept-Encoding: gzip,deflate
    Accept-Language: en-US,en;q=0.8
    Cookie: guidedTour=hide; SS_MID=6bf6d0c6-ea2f-4ece-8490-9f32a4833225i10u1rhs; ss_cid=da26a397-3728-4bbc-b1e6-edd79c421bc7; _t=f044cfefc86de3779b1f25b44ed79c38; _forum_session=BAh7CUkiD3Nlc3Npb25faWQGOgZFVEkiJTMxMGQ4ZTI5OGVmMTM4MGZjNzRhYjVmNTcyNzk0MDdmBjsAVEkiEF9jc3JmX3Rva2VuBjsARkkiMU0rQ2Zkd2QxUmphUWNITzlnemc5YUltVEgrNFB4OHpZRFlJb1Y3c2hKdUU9BjsARkkiGmRpc2FibGVfY3VzdG9taXphdGlvbgY7AEZGSSIKZmxhc2gGOwBUewdJIgxkaXNjYXJkBjsAVFsASSIMZmxhc2hlcwY7AFR7BkkiDHJlZmVyZXIGOwBUIjZodHRwOi8vZGV2LnNlbm5zZWlzLmNvbS90L2NyZWF0ZS1hLWhlbHAtdG9waWMvNDMx--80751eab343207978a4495616969ddfee8745ccb; _gat=1; _ga=GA1.2.831699875.1412601719

**Form Data**
    raw=this+should+work&is_warning=false&category=32&archetype=regular&title=a+test+of+create+topic

**Response Headers**
    Connection:keep-alive
    Content-Encoding:gzip
    Content-Type:application/json; charset=utf-8
    Date:Sat, 18 Oct 2014 00:31:24 GMT
    Server:nginx
    Status:200 OK
    Transfer-Encoding:chunked
    X-Content-Type-Options:nosniff
    X-Frame-Options:SAMEORIGIN
    X-Request-Id:136e3eee-0a07-4077-8a92-cde25a7314cb
    X-Runtime:0.090278
    X-UA-Compatible:IE=edge
    X-XSS-Protection:1; mode=block
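
An added example, not part of the original post: when two captured requests look identical by eye, a short script can diff them header by header and cookie by cookie. The two captures below are constructed and shortened (the host `forum.example`, the token and the session values are placeholders), and the function names are illustrative.

```javascript
// Added example: diff two captured request-header blocks without printing secret values.
function parseHeaders(raw) {
  const headers = new Map();
  for (const line of raw.split(/\r?\n/)) {
    const idx = line.indexOf(":");
    if (idx <= 0) continue; // request line ("POST /posts HTTP/1.1") and blank lines
    // Header names are case-insensitive, so "Content-type" and "Content-Type" match.
    headers.set(line.slice(0, idx).trim().toLowerCase(), line.slice(idx + 1).trim());
  }
  return headers;
}

function parseCookies(value) {
  const jar = new Map();
  for (const pair of (value || "").split(";")) {
    const eq = pair.indexOf("=");
    if (eq > 0) jar.set(pair.slice(0, eq).trim(), pair.slice(eq + 1).trim());
  }
  return jar;
}

// Report only the key and the kind of difference; values (tokens, sessions) are never echoed.
function diffMaps(a, b) {
  const out = [];
  for (const key of [...new Set([...a.keys(), ...b.keys()])].sort()) {
    if (!a.has(key)) out.push({ key, kind: "only-in-second" });
    else if (!b.has(key)) out.push({ key, kind: "only-in-first" });
    else if (a.get(key) !== b.get(key)) out.push({ key, kind: "changed" });
  }
  return out;
}

function diffRequests(rawA, rawB) {
  const a = parseHeaders(rawA), b = parseHeaders(rawB);
  // Cookies are compared individually, so reordering inside the Cookie header is not noise.
  const headers = diffMaps(a, b).filter((d) => d.key !== "cookie");
  const cookies = diffMaps(parseCookies(a.get("cookie")), parseCookies(b.get("cookie")));
  return { headers, cookies };
}

// Constructed, shortened captures (placeholder host, token and session values).
const scripted = ["POST /posts HTTP/1.1", "Host: forum.example", "Content-Length: 110",
  "X-CSRF-Token: TOKEN-A", "X-Requested-With: XMLHttpRequest",
  "Content-type: application/x-www-form-urlencoded",
  "Cookie: _t=aaaa; _gat=1; _forum_session=SESSION-1"].join("\n");
const composer = ["POST /posts HTTP/1.1", "Host: forum.example", "Content-Length: 96",
  "X-CSRF-Token: TOKEN-A", "Content-Type: application/x-www-form-urlencoded; charset=UTF-8",
  "X-Requested-With: XMLHttpRequest",
  "Cookie: _t=aaaa; _forum_session=SESSION-2; _gat=1"].join("\n");

console.log(JSON.stringify(diffRequests(scripted, composer), null, 2));
```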

(Spero Koulouras) #2

Never mind. After logging out/logging back in the code works.


(Jeff Atwood) #3

(Kane York) #4

So, you need to add this:

    anHttpRequest.setRequestHeader("Cookie", get_auth_cookie());