X-CSRF-TOKEN handling

mikoconn
Cisco Employee

Hi,

 

Trying to create an endpoint using the API while CSRF Check is enabled; everything works if that check is disabled.

 

Using Python3, sending a GET request first to 'fetch' the token and then feeding that back into the headers for a POST request to /ers/config/endpoint.

 

Here's my initial GET request and response that works:

 

GET /ers/config/endpointgroup/name/groupGreen HTTP/1.1
Host: 10.81.127.170:9060
Accept-Encoding: identity
accept: application/json
content-type: application/json
authorization: Basic [redacted]
cache-control: no-cache
X-CSRF-TOKEN: fetch
---------------------
Cache-Control: no-cache, no-store, must-revalidate
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: JSESSIONIDSSO=9E81D20C04095E5C0F82668222D54193; Path=/; Secure; HttpOnly
Set-Cookie: APPSESSIONID=5AFA8F314D99A5921C61817BCF21997D; Path=/ers; Secure; HttpOnly
X-CSRF-Token: C883A27FBEA77E4BAAF85028FD0E229E
Pragma: no-cache
ETag: "D5755A00DC6F46C650D6B5D8E550DBE0"
Date: Tue, 05 Feb 2019 22:59:13 GMT
Content-Type: application/json;charset=utf-8
Content-Length: 322

 

So I have my CSRF token to feed into the POST to add the endpoint: 

POST /ers/config/endpoint HTTP/1.1
Host: 10.81.127.170:9060
Accept-Encoding: identity
Content-Length: 183
X-CSRF-Token: C883A27FBEA77E4BAAF85028FD0E229E
accept: application/json
content-type: application/json
authorization: Basic [redacted]
cache-control: no-cache
------------------
Status: 404
Set-Cookie: JSESSIONIDSSO=C4AF34E0D41D8D0CEBC9309A0F7777E6; Path=/; Secure; HttpOnly
Set-Cookie: APPSESSIONID=E45F80818D77D32377B8F3F3C0351B97; Path=/ers; Secure; HttpOnly
X-CSRF-Token: Required
Content-Length: 0
Date: Tue, 05 Feb 2019 22:59:13 GMT

Why is my token not accepted?

 

Is this CSCvi80094? Not sure a 403 Forbidden would actually help me here.

 

Thanks,

Mike.
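
An added example, not part of the original post: a check over the two traces above for whether the POST continues the session in which the token was fetched. It assumes the server ties the CSRF token to the session cookies issued alongside it, which the post does not confirm; the helper names are hypothetical and the header values are copied from the traces.

```python
from http.cookies import SimpleCookie

# Headers copied from the two traces in the post (unrelated headers omitted).
FETCH_RESPONSE = [
    ("Set-Cookie", "JSESSIONIDSSO=9E81D20C04095E5C0F82668222D54193; Path=/; Secure; HttpOnly"),
    ("Set-Cookie", "APPSESSIONID=5AFA8F314D99A5921C61817BCF21997D; Path=/ers; Secure; HttpOnly"),
    ("X-CSRF-Token", "C883A27FBEA77E4BAAF85028FD0E229E"),
]
POST_REQUEST = [
    ("X-CSRF-Token", "C883A27FBEA77E4BAAF85028FD0E229E"),
    ("accept", "application/json"),
    ("content-type", "application/json"),
]


def cookies_in(headers, field):
    """Return {name: value} for every cookie carried in `field` headers."""
    jar = {}
    for name, value in headers:
        if name.lower() == field:
            jar.update({m.key: m.value for m in SimpleCookie(value).values()})
    return jar


def first(headers, field):
    """Case-insensitive lookup of the first header named `field`."""
    return next((v for n, v in headers if n.lower() == field), None)


def diagnose(fetch_response, post_request):
    """List the ways the POST fails to continue the fetch's session."""
    findings = []
    if first(post_request, "x-csrf-token") != first(fetch_response, "x-csrf-token"):
        findings.append("token differs from the one issued")
    sent = cookies_in(post_request, "cookie")
    for name, value in cookies_in(fetch_response, "set-cookie").items():
        if sent.get(name) != value:
            findings.append(f"cookie {name} not replayed")
    return findings


def replay_session(fetch_response, post_request):
    """Return the POST headers plus a Cookie header for the issued session."""
    issued = cookies_in(fetch_response, "set-cookie")
    cookie = "; ".join(f"{k}={v}" for k, v in issued.items())
    return post_request + [("Cookie", cookie)]


if __name__ == "__main__":
    print(diagnose(FETCH_RESPONSE, POST_REQUEST))
    print(diagnose(FETCH_RESPONSE, replay_session(FETCH_RESPONSE, POST_REQUEST)))
```

With the `requests` library, sending both calls through one `requests.Session` object replays the cookies automatically.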

 

 

 
