I had a problem executing a POST method after a new security requirement was added (the Virus Scan Interface has been enabled) within IdM REST Interface Version 2 to prevent XSRF attacks. I first had to execute a non-modifying request (GET, HEAD, OPTIONS) in which the X-CSRF-Token header field has the value Fetch. Once I had the token value returned in the X-CSRF-Token header field of that first call, I was able to execute a modifying request (POST...) by sending that value back in the same header. Here is an example of how I do that:
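// Two-step CSRF (XSRF) token handshake against the IdM REST interface:
//   1. a non-modifying GET sent with "X-CSRF-Token: Fetch" returns a token in
//      the X-CSRF-Token response header;
//   2. the modifying POST sends that token back in the same request header.
var xsrfTokenValue = "";
var myData = {};

// Placeholder URL from the original post; host, port, {MSKEY} and {TASKID}
// must be filled in by the caller.
// NOTE(review): the placeholder uses the http scheme. Use https in a real
// deployment so the token and the credentials that authenticate the session
// are not sent in clear text.
var taskUrl = "http:host:port/idmrest/v72alpha/entries/{MSKEY}/tasks/{TASKID}";

// Step 1: fetch the token.
$.ajax({
  type: "GET",
  url: taskUrl,
  dataType: "json",
  // Kept synchronous, as in the original, so the token is available before the
  // POST below is built. Synchronous XHR on the main thread is deprecated in
  // browsers; issuing the POST from this request's success callback is the
  // non-blocking alternative.
  async: false,
  headers: {
    "X-CSRF-Token": "Fetch",
    // The original literal listed "X-Requested-With" twice; a duplicate key in
    // an object literal keeps only the last value, so only this one was sent.
    "X-Requested-With": "XMLHttpRequest",
    // The original also set contentType: 'application/json'. jQuery applies
    // `headers` after `contentType`, so this value is what went on the wire;
    // the conflicting option is dropped.
    "Content-type": "application/x-www-form-urlencoded"
  },
  success: function (res, status, xhr) {
    // getResponseHeader() returns null when the header is absent.
    xsrfTokenValue = xhr.getResponseHeader("X-CSRF-Token");
  },
  error: function (xhr, status, err) {
    console.error("X-CSRF-Token fetch failed: " + status + " " + err);
  }
});

// Step 2: send the modifying request only when a token was actually obtained.
// Without this guard, a failed fetch made the POST go out with an empty token.
if (xsrfTokenValue) {
  $.ajax({
    type: "POST",
    url: taskUrl,
    dataType: "json",
    headers: {
      "X-CSRF-Token": xsrfTokenValue,
      "X-Requested-With": "XMLHttpRequest",
      "Content-type": "application/x-www-form-urlencoded"
    },
    // A plain object is serialised by jQuery as form-urlencoded key/value pairs,
    // which matches the Content-type header above.
    data: myData,
    async: false,
    success: function (data) {
      // Handle the server's response here (left empty in the original example).
    },
    error: function (xhr, status, err) {
      console.error("POST failed: " + status + " " + err);
    }
  });
} else {
  console.error("No X-CSRF-Token received; modifying request not sent.");
}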
Note: