0 votes

Hi,

I have a trouble with the openUrlSecure POST request.

I check with postman and i got a 200 ok response but with openUrlSecure I got: Unauthorized : CSRF validation failed from the server. statuscode 401.

my code:

function test1() {
    var headers = TStringList.Create;
    try {
        headers.Add('Content-Type: application/json; charset=utf-8');
        headers.Add('X-CSRF-Token: XXX');

        var data = JSON.stringify({ "username": "XX", "password": "XXX"});
        var openURLResult  = Efficy.openUrlSecure("https://myPath/login.json", data, headers.Text, "POST");

    } catch(e){
        Efficy.log(e.message);
        }
    finally {
        headers.Free;
    }
    return openURLResult.statusCode;
}

To get the token run a similar function with no data and no token header and it work fine.

asked in Partners by (182 points)

3 Answers

+1 vote
Best answer

Be sure the header from the token is correct:

  1. Double check the casing
  2. Maybe the token itself should be passed as a string between double quotes, e.g. "XXX"

Like this:

headers.Add('X-CSRF-Token: "XXX"');

Instead of using the TStringList, you could also stay native JS and work with an array:

headers = ['Content-Type: application/json; charset=utf-8', 'X-CSRF-Token: "XXX"'].join("\n");

answered by (7.3k points)
selected by
Did you find the source of the issue?
It would be great of you can share the solution. I've got the same issue when I have to add multiple header-items:
var headersText = ['Content-Type: application/json', 'X-CSRF-Token: 2icDv1VHt21RYUiCjRI3xumpcPe2vvnZ187z61QbUXU'].join("\n");

So how to pass more than one header in the request?
+1 vote

Hi,

I advise you to run these 2 requests (1 with postman, 1 with your script) on your local server (in http) and see with Wireshark what are the differences between them.

Alternatively, you can run these 2 requests on a "request bin" (ex : http://requestbin.fullcontact.com) and compare the results.

Cheers

Geoffrey

answered by (663 points)
0 votes

I still have issues using openUrlSecure or openURL2. Both on the same issue: passing multiple headers. If I use postman it works immediately, but using (Efficy)javascript does not work. Any ideas?

answered by (219 points)
It does work with the newline \n separation. I just tested it again and included also a 5th use case in the openUrlSecure tutorial. It demonstrates an example with form-data post and multiple headers.

https://help.efficy.com/edn/projectguides/openurlsecure#use_case_5_form_data_post_and_multiple_headers
Hi Kristof,

Thanks for your input. In the mean time I found out that the issue has to do with passing cookies. What I'm trying to do:
- post a login request (this works)
- use the result with a token and cookie for the next post request
The problem is passing the cookie. When using Postman or similar programs, this works perfectly, but somehow this does not work using a server side script.  Do you have any experience with this?
No, I don't have experience with set-cookie headers and openUrlSecure. I'll make another use case for that. I'll make a script that logs on to the Efficy /admin console and scrapes some info from the active sessions.
That would be great, thanks!
It seems that cookies are automagically handled by openUrlSecure, just like Postman and SoapUI do. I tested the scraping of the Efficy console from a SchedulerAdmin and that worked out of the box.
Try the 6th use case and see if that also works for your version and for instance from ServerJS.
https://help.efficy.com/edn/projectguides/openurlsecure
Welcome to Efficy Overflow, where you can ask questions and receive answers from other members of the community.
1,231 questions
1,500 answers
1,835 comments
328 users