[MarkLogic Dev General] 403 SCRF error on the Management API

Florent Georges lists at fgeorges.org
Thu Feb 16 09:10:42 PST 2017


Thank you, Jim!

I was using Postman to try and organize a collection of requests for
sharing, but having a directory of shell scripts using cURL (or better,
HTTPie) is probably simpler.

Regards,

-- 
Florent Georges
H2O Consulting
http://h2o.consulting/ - New website!


On 16 February 2017 at 15:04, Jim Fuller wrote:

> You are bumping into the protection we have for *CSRF* (cross site request
> forgery)
>
> others have mentioned a chrome extension to stop Chrome from forcing an
> Origin
> header (https://github.com/postmanlabs/postman-app-support/issues/744)
>
> best to use curl or code ....
>
> J
>
> ------------------------------
> *From:* general-bounces at developer.marklogic.com [
> general-bounces at developer.marklogic.com] on behalf of Florent Georges [
> lists at fgeorges.org]
> *Sent:* 16 February 2017 14:59
> *To:* MarkLogic Developer Discussion
> *Subject:* [MarkLogic Dev General] 403 SCRF error on the Management API
>
> Hi,
>
> I create a database using the Management API.  I send the request
> using Chrome's Postman.
>
>     - URL: http://ml9ea4:8002/manage/v2/databases
>     - Digest authorization with correct user/pwd
>     - Content-Type: application/json
>     - Body: raw: { "database-name": "foo-content" }
>
> MarkLogic returns "403 CSRF" with no content.
>
> Note the machine name is redirected to a VirtualBox machine on my
> laptop, configured in /etc/hosts.  Also, the following works like a
> charm, so it seems to be an issue related to Postman:
>
>     curl -X POST --digest --user xxx:yyy         \
>         --header "Content-Type:application/json" \
>         -d'{ "database-name": "foo-content" }'   \
>         http://ml9ea4:8002/manage/v2/databases
>
> Any idea what can cause the 403?  Anyone experienced this already?
>
> Regards,
>
> --
> Florent Georges
> H2O Consulting
> http://h2o.consulting/ - New website!
>
>
>
> _______________________________________________
> General mailing list
> General at developer.marklogic.com
> Manage your subscription at:
> http://developer.marklogic.com/mailman/listinfo/general
>
> --
> <http://developer.marklogic.com/mailman/listinfo/general>
> Florent Georges
> <http://developer.marklogic.com/mailman/listinfo/general>
> http://fgeorges.org/
> http://h2o.consulting/ - New website!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://developer.marklogic.com/pipermail/general/attachments/20170216/bbef234f/attachment-0001.html 


More information about the General mailing list