diff doc/rest.txt @ 5698:c7dd1cae3416

Update rest.txt example to include headers required for CSRF validation. Update config doc: X-Requested-With is used with rest as well as xmlrpc.
author John Rouillard <rouilj@ieee.org>
date Mon, 08 Apr 2019 20:00:01 -0400
parents 3e1b66c4e1e2
children 0b79bfcb3312
--- a/doc/rest.txt	Mon Apr 08 19:38:06 2019 -0400
+++ b/doc/rest.txt	Mon Apr 08 20:00:01 2019 -0400
@@ -170,7 +170,8 @@
         ...     exit(1)
         >>> print (r.json() ['data']['data']
         TEST Title
-        >>> r = s.post (u + 'issue', data = dict (title = 'TEST Issue'))
+        >>> h = {'X-Requested-With': 'rest', 'Referer': 'http://tracker.example.com/demo/'}
+        >>> r = s.post (u + 'issue', data = dict (title = 'TEST Issue'), headers=h)
         >>> if not 200 <= r.status_code <= 201:
         ...     print("Failed: %s: %s" % (r.status_code, r.reason))
         ...     exit(1)
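Review bot: the Referer on the added `h = ...` line is a hard-coded literal ('http://tracker.example.com/demo/') while the request URL on the following line is built from `u`. A reader who points `u` at their own tracker and leaves this literal alone will send a Referer for a different site, so build the value from the same base the example already uses, or add a comment that it must be the tracker's own web URL. Separately, the unchanged context line `>>> print (r.json() ['data']['data']` is missing its closing parenthesis; it is worth fixing in the same pass, since the example does not run as pasted.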
@@ -184,7 +185,7 @@
         >>> print("ETag: %s" % etag)
         >>> etag = r.json()['data']['@etag']
         >>> print("@etag: %s" % etag)
-        >>> h = {'If-Match': etag}
+        >>> h = {'If-Match': etag, 'X-Requested-With': 'rest', 'Referer': 'http://tracker.example.com/demo/'}
         >>> d = {'@op:'action', '@action_name':'retire'}
         >>> r = s.patch(u + 'issue/42', data = d, headers = h)
         >>> print(r.json())
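Review bot: the added `h = {...}` line repeats the X-Requested-With and Referer pair already assigned to `h` for the POST earlier in the same example, so the two copies can drift apart when one is edited. Reuse the earlier dict and add the ETag to it with `h['If-Match'] = etag`, which also keeps this line within the width of the surrounding literal block. The unchanged context line below it, `d = {'@op:'action', '@action_name':'retire'}`, has a misplaced quote (it should read `'@op':'action'`) and could be corrected while this part of the example is being touched.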
@@ -192,6 +193,11 @@
         >>> r = s.patch(u + 'issue/42', data = d, headers = h)
         >>> print(r.json())
 
+Note the addition of headers for: x-requested-with and referer. This
+allows the request to pass the CSRF protection mechanism. You may need
+to add Origin if this check is enabled in your tracker's config.ini.
+
+
 Adding new rest endpoints
 =========================
 
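Review bot: "this check" in the last added sentence does not say which config.ini setting governs Origin validation, so a reader cannot tell whether it applies to their tracker. Name the option, or point to the part of the configuration documentation that covers the CSRF settings, and write the header names as they appear in the example (X-Requested-With, Referer), preferably in literal markup so they can be searched for. The note also appears only after the PATCH example; a short mention next to the POST step, where the headers are first used, would help readers who stop there.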

Roundup Issue Tracker: http://roundup-tracker.org/