POST http://localhost:8080/open-platform-demo/login.jsp
with the headers Content-Type: application/json
and the JSON payload { "username": "admin", "password" : "admin" }
I get the login page and a 200.
Does the demo not support the REST API? Should I include a module?
@gilles there is a change in the login flow in 5.3. You have to use /callback instead of /login.jsp and check for the CSRF-TOKEN cookie or CSRF-TOKEN response header (in case of CORS). You have to send this token with every subsequent request in the X-CSRF-Token request header.
Could you follow up on this point when you have some time, please? I currently am receiving the JSESSION cookie but not the CSRF-TOKEN cookie. Any help appreciated. Thank you!
I’m using the Axelor API through a React frontend, making the requests using Axios.
Using Postman the request can be made; however, I am unable to successfully make the same request in the browser. Postman adds the session cookie and CSRF token with the headers; however, when trying to do this in the browser a security issue is raised and the request can’t be made.
There seems to be a regression that prevents cross-origin requests because of CSRF protection. We are looking into the issues and will update once resolved.
Hi @daryl, the fix has already landed in the dev branch.
While making a cross-origin request, you will get the CSRF token as an X-CSRF-Token response header with the login request. You should use the same header with all the subsequent requests to pass the token back to the server.
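The token handling described in the replies above, as an added example that is not part of the original thread or Axelor's own code: it reads the token from the login response and attaches it to later requests. The function names, `baseUrl`, the reuse of the first post's JSON login body, and the assumption that the CSRF-TOKEN cookie is readable from script are all assumptions.

```javascript
// Added example; function names and baseUrl are hypothetical.
// Only /callback, CSRF-TOKEN and X-CSRF-Token come from the thread.

// Find the token after login: X-CSRF-Token response header first (cross-origin
// case), then the CSRF-TOKEN cookie (assumed readable, i.e. not HttpOnly).
function extractCsrfToken(headers, cookieString = "") {
  const fromHeader = headers.get("X-CSRF-Token");
  if (fromHeader) return fromHeader.trim();
  for (const part of cookieString.split(";")) {
    const eq = part.indexOf("=");
    if (eq !== -1 && part.slice(0, eq).trim() === "CSRF-TOKEN") {
      return decodeURIComponent(part.slice(eq + 1).trim());
    }
  }
  return null;
}

// Add the token to a request; credentials: "include" makes a cross-origin
// fetch send the session cookie as well.
function withCsrf(init, token) {
  if (!token) throw new Error("no CSRF token captured at login");
  const headers = { ...(init.headers || {}), "X-CSRF-Token": token };
  return { ...init, headers, credentials: "include" };
}

// Log in, then return a fetch wrapper that sends the token on every call.
async function login(baseUrl, username, password, fetchImpl = fetch) {
  const res = await fetchImpl(`${baseUrl}/callback`, {
    method: "POST",
    headers: { "Content-Type": "application/json" },
    credentials: "include",
    body: JSON.stringify({ username, password }),
  });
  if (!res.ok) throw new Error(`login failed: HTTP ${res.status}`);
  const cookies = typeof document !== "undefined" ? document.cookie : "";
  const token = extractCsrfToken(res.headers, cookies);
  // A cross-origin response header is readable from script only when the
  // server lists it in Access-Control-Expose-Headers.
  if (!token) throw new Error("logged in, but no CSRF token is visible");
  return (path, init = {}) => fetchImpl(`${baseUrl}${path}`, withCsrf(init, token));
}
```

With Axios the equivalent settings are `withCredentials: true` and an `X-CSRF-Token` entry in the request headers.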
Hello @daryl, did the update solve your issue?
I am facing the same problem as you, while I am using the Axelor code from November, and I would like to know if updating it will solve the problem.
Keep me in touch!
Yours.