I am using the built in api functionality of Axelor. I am running a React project for frontend where I can successfully make a GET, PUT and DELETE request and retrieve/create/delete data using the API. However I am unable to make a POST request in the browser (as I receive a 403 error response). The strange thing is I am able to make a POST request without any issue in postman. To test I have taken the request code directly from postman and tried it in the browser - again 403 error.
I need to be able to make POST requests to update data and have been stuck with this issue for quite some time.
I am using Axios to make the requests. I can see in the network that that the JSESSIONID and CSRF token are being correctly sent in the headers.
In application properties I have cors set to *:
cors.allow.origin = *
Thanks for getting in touch so quick.
I may have - however I wasn’t aware particular configuration had to be done on the auth/permission for the entity to make a POST update via the API. Could you please give more info on what you mean by configure? Which auth/permission needs to be configured to? Thanks a mill, Daryl
Thanks for the suggestion but this doesn’t fix the issue. As mentioned I can successfully create, read, remove and the issue lies with write ie a POST request.
So using postman OK
Setting header in the browser doesn’t work, I’m thinking there is some issue how your browser set the header.
Have you tested with curl ?
I haven’t tested with curl as I am not familiar with the technology however I will give it a try and report back to you. I’m using Chrome so I will also try in another browser today in case the results vary. Thanks for the suggestion.
I am using the line above to handle cookie attachment (if this is what you meant in your question). As seen in the original post the JSESSIONID and CSRF-TOKEN are being sent in the request in the headers so to the best of my knowledge I can only assume this isn’t the issue.
Hello @daryl
Double check.
In your 1st post you tested to push at com.axelor.ross.db.ItemMenu/… (in your postman test it works)
In the screenshot attached you are testing
com.axelor.ross.db.ItemMenu/105
Basically it’s a different endpoint maybe with different permissions.