Mercurial > p > roundup > code
comparison doc/rest.txt @ 5698:c7dd1cae3416
Update rest.txt example to include headers required for CSRF
validation. Update config doc: X-Requested-With is used with rest as
well as xmlrpc.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Mon, 08 Apr 2019 20:00:01 -0400 |
| parents | 3e1b66c4e1e2 |
| children | 0b79bfcb3312 |
comparison
equal
deleted
inserted
replaced
| 5697:5a9159ad773f | 5698:c7dd1cae3416 |
|---|---|
| 168 >>> if r.status_code != 200: | 168 >>> if r.status_code != 200: |
| 169 ... print("Failed: %s: %s" % (r.status_code, r.reason)) | 169 ... print("Failed: %s: %s" % (r.status_code, r.reason)) |
| 170 ... exit(1) | 170 ... exit(1) |
| 171 >>> print (r.json() ['data']['data'] | 171 >>> print (r.json() ['data']['data'] |
| 172 TEST Title | 172 TEST Title |
| 173 >>> r = s.post (u + 'issue', data = dict (title = 'TEST Issue')) | 173 >>> h = {'X-Requested-With': 'rest', 'Referer': 'http://tracker.example.com/demo/'} |
| 174 >>> r = s.post (u + 'issue', data = dict (title = 'TEST Issue'), headers=h) | |
| 174 >>> if not 200 <= r.status_code <= 201: | 175 >>> if not 200 <= r.status_code <= 201: |
| 175 ... print("Failed: %s: %s" % (r.status_code, r.reason)) | 176 ... print("Failed: %s: %s" % (r.status_code, r.reason)) |
| 176 ... exit(1) | 177 ... exit(1) |
| 177 >>> print(r.json()) | 178 >>> print(r.json()) |
| 178 | 179 |
| 182 >>> r = s.get (u + 'issue/42') | 183 >>> r = s.get (u + 'issue/42') |
| 183 >>> etag = r.headers['ETag'] | 184 >>> etag = r.headers['ETag'] |
| 184 >>> print("ETag: %s" % etag) | 185 >>> print("ETag: %s" % etag) |
| 185 >>> etag = r.json()['data']['@etag'] | 186 >>> etag = r.json()['data']['@etag'] |
| 186 >>> print("@etag: %s" % etag) | 187 >>> print("@etag: %s" % etag) |
| 187 >>> h = {'If-Match': etag} | 188 >>> h = {'If-Match': etag, 'X-Requested-With': 'rest', 'Referer': 'http://tracker.example.com/demo/'} |
| 188 >>> d = {'@op:'action', '@action_name':'retire'} | 189 >>> d = {'@op:'action', '@action_name':'retire'} |
| 189 >>> r = s.patch(u + 'issue/42', data = d, headers = h) | 190 >>> r = s.patch(u + 'issue/42', data = d, headers = h) |
| 190 >>> print(r.json()) | 191 >>> print(r.json()) |
| 191 >>> d = {'@op:'action', '@action_name':'restore'} | 192 >>> d = {'@op:'action', '@action_name':'restore'} |
| 192 >>> r = s.patch(u + 'issue/42', data = d, headers = h) | 193 >>> r = s.patch(u + 'issue/42', data = d, headers = h) |
| 193 >>> print(r.json()) | 194 >>> print(r.json()) |
| 195 | |
| 196 Note the addition of headers for: x-requested-with and referer. This | |
| 197 allows the request to pass the CSRF protection mechanism. You may need | |
| 198 to add Origin if this check is enabled in your tracker's config.ini. | |
| 199 | |
| 194 | 200 |
| 195 Adding new rest endpoints | 201 Adding new rest endpoints |
| 196 ========================= | 202 ========================= |
| 197 | 203 |
| 198 Add or edit the file interfaces.py at the root of the tracker | 204 Add or edit the file interfaces.py at the root of the tracker |