Project

General

Profile

Bug #4760

Target Ingestion broken

Added by Chris D'Andrea over 7 years ago. Updated over 7 years ago.

Status:
Closed
Priority:
High
Assignee:
Start date:
10/05/2013
Due date:
% Done:

0%

Estimated time:
Duration:

Description

I tried running my ingestion script this morning, and I get the error below

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<title>400 Bad Request</title>
<h1>Bad Request</h1>
<p>CSRF token missing or incorrect.</p>

An example of the type of input that is being fed to the script is
transient_id=DES13C1eyl
ra=54.1778519
dec=-27.8413716667

I'm using the same format in your example target-ingestion script, but modified to be its own function. The input was formatted identically on Thursday and previous days when I successfully ingested targets. This particular target listed here is not a new one, but one that already exists. I have tried with new targets, and get the same error.

History

#1 Updated by Rollin Thomas over 7 years ago

  • Status changed from New to Resolved
  • Assignee changed from Chris D'Andrea to Rollin Thomas

This was a side effect of enabling forms with flask-wtf (yes that is the name of the library). It has protection against something called CSRF (cross-site request forgery) and it applies to all view functions, including the REST API. I was able to exempt the POST methods of the REST API by putting the CSRF protection initialization into the REST blueprint (kind of a hack that should be revisited later). This kept the CSRF on the forms (I tested) and enabled ingestion and posting (also tested).

Chris, I think you assigned this bug to yourself, which is probably why I did not see this on email. (Though I want to see ALL issue updates and reports on email, going to have to see how to do that...)

#2 Updated by Rollin Thomas over 7 years ago

  • Status changed from Resolved to Closed

Also available in: Atom PDF