Defect #15424
closed
Filter chain halted as :verify_authenticity_token rendered or redirected
Added by Marco Descher over 10 years ago.
Updated over 10 years ago.
Description
When executing a post request to creat a User using a Java Jersey client and the API access key, I get the following error:
Started POST "/users.xml?key=984434......." for 194.208.16.210 at 2013-11-21 10:01:43 +0100
Processing by UsersController#create as XML
Parameters: {"user"=>{"id"=>"0", "login"=>"jdoe", "firstname"=>"John", "lastname"=>"Doe", "mail"=>"john@doe.at", "password"=>"[FILTERED]", "created_on"=>"2013-11-21T10:01:43.650+01:00"}, "key"=>"984434......."}
WARNING: Can't verify CSRF token authenticity
API calls must include a proper Content-type header (application/xml or application/json).
Filter chain halted as :verify_authenticity_token rendered or redirected
Completed 422 Unprocessable Entity in 0.4ms (ActiveRecord: 0.0ms)
I do not find a way to get the resp. Token via REST, is there even one provided?
According to http://stackoverflow.com/questions/10167956/rails-shows-warning-cant-verify-csrf-token-authenticity-from-a-restkit-post it would be safe to remove :verify_authenticity_token for calls coming via API.
Files
I tried several approaches, enclosed you see the direct packet post request, and here the according log output
Started POST "/users.xml?key=98432342...." for 194.208.16.210 at 2013-11-21 11:24:30 +0100
Processing by UsersController#create as XML
Parameters: {"user"=>{"login"=>"jplang", "firstname"=>"Jean-Philippe", "lastname"=>"Lang", "password"=>"[FILTERED]", "mail"=>"jp_lang@yahoo.fr"}, "key"=>"98432342"}
WARNING: Can't verify CSRF token authenticity
API calls must include a proper Content-type header (application/xml or application/json).
Filter chain halted as :verify_authenticity_token rendered or redirected
Completed 422 Unprocessable Entity in 0.4ms (ActiveRecord: 0.0ms)
2.3.3 works - output delivers a reason
Started POST "/users.xml?key=dsdfsd" for 194.208.16.210 at 2013-11-21 11:43:34 +0100
Processing by UsersController#create as XML
Parameters: {"user"=>{"login"=>"jplang", "firstname"=>"Jean-Philippe", "lastname"=>"Lang", "password"=>"[FILTERED]", "mail"=>"jp_lang@yahoo.fr"}, "key"=>"dsdsd"}
WARNING: Can't verify CSRF token authenticity
Current user: wfeconnector (id=4)
Rendered common/error_messages.api.rsb (0.4ms)
Completed 422 Unprocessable Entity in 34ms (Views: 2.5ms | ActiveRecord: 2.1ms)
HTTP Response
HTTP/1.1 422 Unprocessable Entity
Date: Thu, 21 Nov 2013 10:43:34 GMT
Server: Apache/2.2.22 (Debian)
X-UA-Compatible: IE=Edge,chrome=1
Cache-Control: no-cache
X-Request-Id: 485987ed29c474535edc40ed6da973f3
X-Runtime: 0.039722
X-Rack-Cache: invalidate, pass
X-Powered-By: Phusion Passenger 4.0.18
Set-Cookie: _redmine_session=BAh7BkkiD3Nlc3Npb25faWQGOgZFRkkiJTY0ZTgyYjYwNjNiZjk5YmI1MTQzOTIxODYxOTcyMjEyBjsAVA%3D%3D--efbe3629d7071d5e7edffd65a5530dadc44c6343; path=/; HttpOnly
Set-Cookie: autologin=; path=/; expires=Thu, 01-Jan-1970 00:00:00 GMT
Status: 422 Unprocessable Entity
Transfer-Encoding: chunked
Content-Type: application/xml; charset=utf-8
<?xml version="1.0" encoding="UTF-8"?><errors type="array"><error>Kennwort ist zu kurz (nicht weniger als 8 Zeichen)</error></errors>
I tried this. The call works flawlessly on 2.3.3, it however fails on 2.4.0!
Please check REST API POST access in 2.4.0!
- Status changed from New to Closed
- Resolution set to Duplicate
Fixed in 2.4.1 that will be released tomorrow, see #15427.
- Is duplicate of Defect #15427: REST API POST and PUT broken added
Also available in: Atom
PDF
Updated by 
Updated by 
Updated by 