Target Ingestion broken
I tried running my ingestion script this morning, and I get the error below
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<title>400 Bad Request</title>
<p>CSRF token missing or incorrect.</p>
An example of the type of input that is being fed to the script is
I'm using the same format in your example target-ingestion script, but modified to be its own function. The input was formatted identically on Thursday and previous days when I successfully ingested targets. This particular target listed here is not a new one, but one that already exists. I have tried with new targets, and get the same error.
#1 Updated by Rollin Thomas over 7 years ago
- Status changed from New to Resolved
- Assignee changed from Chris D'Andrea to Rollin Thomas
This was a side effect of enabling forms with flask-wtf (yes that is the name of the library). It has protection against something called CSRF (cross-site request forgery) and it applies to all view functions, including the REST API. I was able to exempt the POST methods of the REST API by putting the CSRF protection initialization into the REST blueprint (kind of a hack that should be revisited later). This kept the CSRF on the forms (I tested) and enabled ingestion and posting (also tested).
Chris, I think you assigned this bug to yourself, which is probably why I did not see this on email. (Though I want to see ALL issue updates and reports on email, going to have to see how to do that...)