
CSRF token missing or incorrect (Driller)

Hey!

I started implementing the Driller API yesterday. On Jun 7th I tried the endpoints in Postman and successfully posted a file for processing. Now, when I try the same API call, I receive this error message.


{
    "detail": "CSRF Failed: CSRF token missing or incorrect."
}


I don't know what causes this, maybe that I've visited this page?

image

which engaged the CSRF validation?

or have you just played with server config?


I'd be happy for any kind of help :)


btw this is the postman config:

image



Best Answer

Hello collabim,



Sorry for the late response, it took us a while to be able to debug this.



You are right: when visiting the Driller you got a `CSRF` token that is required to submit batches from the web interface, and when you used Postman again, it took that cookie value from your browser and submitted it as part of the API request. This is rejected by the API server as it is not what it expected.


You can solve this by removing your cookies before using Postman, or by using any other API client that is not linked to your browser cookies.


I'd like to see Postman using the loophole of gaining those cookies from Chromium, which are in SQLite in ~/.config/chromium/Default/Cookies :D


But cookies were a great clue! The user using Postman for calling the API has to clear his cookies before every POST :D that's quite not-genius :D


Btw yes, I cleared all cookies for scrapinghub in Chromium, and even after that, it was not functional until I cleared them directly in Postman here


image


btw funny is, you validate parameters of the request before the CSRF token :D


Thank you for your time :)
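
The behaviour described in the answer, reproduced offline as an added example (not code from this thread or from the Driller API): a constructed local server that, by assumption, enforces CSRF whenever a `csrftoken` cookie arrives, and a client built without a cookie jar. The cookie name, the `X-CSRFToken` header, the `/batches` path and the sample values are assumptions.

```python
import json
import threading
import urllib.error
import urllib.request
from http.cookies import SimpleCookie
from http.server import BaseHTTPRequestHandler, HTTPServer

class ApiHandler(BaseHTTPRequestHandler):
    """Constructed stand-in for the API server; not the real implementation."""
    def do_POST(self):
        self.rfile.read(int(self.headers.get("Content-Length", 0)))
        csrf = SimpleCookie(self.headers.get("Cookie", "")).get("csrftoken")
        # Assumed rule: a browser cookie makes the request look like a web
        # session, so a CSRF header matching the cookie becomes mandatory.
        if csrf is not None and self.headers.get("X-CSRFToken") != csrf.value:
            self._reply(403, "CSRF Failed: CSRF token missing or incorrect.")
        else:
            self._reply(200, "accepted")

    def _reply(self, status, detail):
        body = json.dumps({"detail": detail}).encode()
        self.send_response(status)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

def post(url, cookie_header=None):
    """POST an empty JSON body and return (status, detail)."""
    # No HTTPCookieProcessor is installed, so nothing ambient is ever sent.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    req = urllib.request.Request(url, data=b"{}", method="POST")
    if cookie_header:  # simulates a client that inherited browser cookies
        req.add_header("Cookie", cookie_header)
    try:
        with opener.open(req, timeout=5) as resp:
            return resp.status, json.load(resp)["detail"]
    except urllib.error.HTTPError as err:
        return err.code, json.load(err)["detail"]

def demo():
    server = HTTPServer(("127.0.0.1", 0), ApiHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    url = f"http://127.0.0.1:{server.server_port}/batches"  # hypothetical path
    try:
        return post(url, "csrftoken=constructed-browser-value"), post(url)
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(demo())
```

The first call carries the inherited cookie and gets the 403 from the question; the second, with no cookie state, is accepted.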
