CSRF mismatch when creating item through JsonAPI
Forum rules
Always add your Aimeos and PHP version as well as your environment (Linux/Mac/Win)
Spam and unrelated posts will be removed immediately!
- Posts: 14
- Joined: 09 Jun 2021, 15:06
Hello,
our AIMEOS version is 2021.04 and we run PHP 7.4.3.
I am trying to create a product via the JsonAPI in our .NET 5 app.
I log in using the api/login endpoint and get a bearer token.
Then I use that for the OPTIONS in admin/default/jsonadm, where I get the CSRF token in the meta object.
Then I use admin/default/jsonadm/product?_token=+csrfTokenVariable.
This works alright in Postman and creates the product specified in the body parameter.
When I use this procedure in our .NET app, I can log in, get the options, but the last part where I create the product returns error 419 or whatever with the message: CSRF token mismatch.
The only thing that I suspect might be the cause of this is the Cookie that Postman creates that is really long. That is the only thing I do not pass to the product endpoint because I don't know how to generate this cookie in my program.
Thanks for any help, guys.
Jacob
Re: CSRF mismatch when creating item through JsonAPI
Yes, you need to pass the (Laravel) cookie in the request so the framework knows the token which is stored in the user session.
Professional support and custom implementation are available at Aimeos.com
If you like Aimeos,
give us a star

Re: CSRF mismatch when creating item through JsonAPI
Thank you for the reply! How would I obtain the cookie? The login endpoint response doesn't return it.
Re: CSRF mismatch when creating item through JsonAPI
Cookies are returned as HTTP header, not in the JSON content
Re: CSRF mismatch when creating item through JsonAPI
Hello again,
I have used the cookies from the OPTIONS call and still get the CSRF token mismatch error. Here is what I pass in parameters:

And here is the body I pass to the API:

What am I doing wrong? Thank you!
Re: CSRF mismatch when creating item through JsonAPI
The CSRF token must be passed as GET/POST parameter named "_token", not as cookie
Re: CSRF mismatch when creating item through JsonAPI
Thanks for the response! Yes, I use the token as https://url.url?_token=TOKENSTRING. But that never worked for me, so I was trying something else.
I have now disabled the csrf in the VerifyCsrfToken.php and everything works fine. I will have to re-enable csrf when we move to production though, so fingers crossed I will figure it out.
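The replies above make one point that is easy to miss from the client side: the `_token` value returned by the OPTIONS call is only valid for the session that minted it, and the server identifies that session by the cookie it set in the same response. A client that sends the token but not the cookie lands in a fresh session with no token and gets the 419. The following is an added example, not code from the thread or from Aimeos: a small constructed model of a Laravel-style session-bound CSRF check (the cookie name `laravel_session`, the `meta.csrf` layout of the OPTIONS body and the error JSON are assumptions, and the real Laravel cookie is encrypted rather than a bare session id), with the failing flow from the first post, the correct cookie-jar flow, and a stale-token case side by side.

```python
"""Added example (not from the Aimeos forum thread or the Aimeos project):
a minimal, constructed model of how a Laravel-style CSRF check binds the
_token value to the user's session cookie, with a client that drops the
cookie (fails with 419) and one that keeps it (succeeds)."""
import hmac
import secrets
from http.cookies import SimpleCookie

SESSION_COOKIE = "laravel_session"   # assumption: Laravel's default cookie name
_sessions = {}                       # server-side session store: id -> data


def _session_for(cookies):
    """Look up the session named by the cookie, or start a fresh empty one."""
    sid = cookies.get(SESSION_COOKIE)
    if sid is None or sid not in _sessions:
        sid = secrets.token_urlsafe(32)
        _sessions[sid] = {}
    return sid, _sessions[sid]


def handle_options(cookies):
    """OPTIONS on the jsonadm root: mint a CSRF token, store it in the
    session and return it under 'meta' (assumed layout) plus the session
    cookie as a Set-Cookie header, not in the JSON body."""
    sid, session = _session_for(cookies)
    session.setdefault("_token", secrets.token_urlsafe(32))
    body = {"meta": {"csrf": {"name": "_token", "value": session["_token"]}}}
    headers = {"Set-Cookie": f"{SESSION_COOKIE}={sid}; HttpOnly; SameSite=Lax"}
    return 200, headers, body


def handle_post_product(cookies, query):
    """POST on jsonadm/product: compare the _token query parameter with the
    token stored in the caller's session. A request without the cookie lands
    in a new session that has no token, so the check fails with 419."""
    _sid, session = _session_for(cookies)
    expected = session.get("_token")
    supplied = query.get("_token")
    if not expected or not supplied or not hmac.compare_digest(expected, supplied):
        return 419, {"errors": [{"title": "CSRF token mismatch."}]}
    return 201, {"data": {"type": "product", "id": "1"}}


def _parse_set_cookie(header_value):
    """Turn a Set-Cookie header into {name: value}, as a cookie jar would."""
    jar = SimpleCookie()
    jar.load(header_value)
    return {name: morsel.value for name, morsel in jar.items()}


def client_without_cookie():
    """Mirrors the failing .NET client: token is sent, cookie is not."""
    _status, _headers, body = handle_options({})
    token = body["meta"]["csrf"]["value"]
    status, _ = handle_post_product({}, {"_token": token})
    return status


def client_with_cookie_jar():
    """Correct flow: keep the Set-Cookie from OPTIONS and send it back
    together with _token on the create request."""
    jar = {}
    _status, headers, body = handle_options(jar)
    jar.update(_parse_set_cookie(headers["Set-Cookie"]))
    token = body["meta"]["csrf"]["value"]
    status, _ = handle_post_product(jar, {"_token": token})
    return status


def client_with_stale_token():
    """Cookie is sent, but the _token was minted for a different session:
    still 419, because the token is checked against *this* session."""
    jar = {}
    _status, headers, _body = handle_options(jar)
    jar.update(_parse_set_cookie(headers["Set-Cookie"]))
    other_token = handle_options({})[2]["meta"]["csrf"]["value"]
    status, _ = handle_post_product(jar, {"_token": other_token})
    return status


if __name__ == "__main__":
    print("no cookie   :", client_without_cookie())    # 419
    print("cookie jar  :", client_with_cookie_jar())   # 201
    print("stale token :", client_with_stale_token())  # 419
```

The practical takeaway for the .NET client in the thread is that the same `HttpClient` must carry cookies across the login, OPTIONS and create calls, which is what an `HttpClientHandler` with a `CookieContainer` does; Postman's "really long" cookie is that session cookie, and no client can generate it itself because it is minted and encrypted by the server. Turning off `VerifyCsrfToken` removes the protection rather than fixing the client, so it should only ever be a temporary debugging step, as the last post already notes.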