[MarkLogic Dev General] 403 SCRF error on the Management API

Jim Fuller Jim.Fuller at marklogic.com
Thu Feb 16 06:04:22 PST 2017


You are bumping into the protection we have for CSRF (cross site request
forgery)


others have mentioned a chrome extension to stop Chrome from forcing an Origin
header (https://github.com/postmanlabs/postman-app-support/issues/744)

best to use curl or code ....

J

________________________________
From: general-bounces at developer.marklogic.com [general-bounces at developer.marklogic.com] on behalf of Florent Georges [lists at fgeorges.org]
Sent: 16 February 2017 14:59
To: MarkLogic Developer Discussion
Subject: [MarkLogic Dev General] 403 SCRF error on the Management API

Hi,

I create a database using the Management API.  I send the request
using Chrome's Postman.

    - URL: http://ml9ea4:8002/manage/v2/databases
    - Digest authorization with correct user/pwd
    - Content-Type: application/json
    - Body: raw: { "database-name": "foo-content" }

MarkLogic returns "403 CSRF" with no content.

Note the machine name is redirected to a VirtualBox machine on my
laptop, configured in /etc/hosts.  Also, the following works like a
charm, so it seems to be an issue related to Postman:

    curl -X POST --digest --user xxx:yyy         \
        --header "Content-Type:application/json" \
        -d'{ "database-name": "foo-content" }'   \
        http://ml9ea4:8002/manage/v2/databases

Any idea what can cause the 403?  Anyone experienced this already?

Regards,

--
Florent Georges
H2O Consulting
http://h2o.consulting/ - New website!


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://developer.marklogic.com/pipermail/general/attachments/20170216/66945319/attachment.html 


More information about the General mailing list