CSRF Failed: CSRF token missing. When calling the API within a plugin #15680

PaulR282 · 2024-04-10T08:54:56Z

PaulR282
Apr 10, 2024

I have a plugin where I need to do an API call in JavaScript. Locally in Python, it runs just fine, but within the plugin, I always get a 403 Forbidden with the response: CSRF Failed: CSRF token missing. I tried adding the URL to CSRF_TRUSTED_ORIGINS in the configuration.py like mentioned in #9043 but without any success. I enabled debug mode and logging, but the docker container log only states a 403 without more details. Any ideas?

Answered by PaulR282

Apr 11, 2024

Fixed it by parsing the csrf from the jinja template to the js fetch function header ("X-CSRFToken": csrf). The Authorization Token is also not needed if you parse the csrf Token.

View full answer

PaulR282 · 2024-04-11T10:42:01Z

PaulR282
Apr 11, 2024
Author

Fixed it by parsing the csrf from the jinja template to the js fetch function header ("X-CSRFToken": csrf). The Authorization Token is also not needed if you parse the csrf Token.

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

CSRF Failed: CSRF token missing. When calling the API within a plugin #15680

Uh oh!

{{title}}

Uh oh!

Replies: 1 comment

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

CSRF Failed: CSRF token missing. When calling the API within a plugin #15680

Uh oh!

PaulR282 Apr 10, 2024

Replies: 1 comment

Uh oh!

PaulR282 Apr 11, 2024 Author

PaulR282
Apr 10, 2024

PaulR282
Apr 11, 2024
Author