CSRF check failed


#1

I was trying to use the provisioning API to search for a user by URL
http://admin:secret@example.com/ocs/v1.php/cloud/users?search
but it shows "CSRF check failed".
I searched, and the reason is that the OCS-APIRequest header has to be set to true,
but how and where do I set it?


#2

Are you using curl? Because then the parameter

--header "OCS-APIRequest: true"

should be used in your curl command. Basically the same parameter can be used in any type of connector you use for the API.


#3

curl will tell me

status code 907
message current user is not logged in

then I tried curl -s http://localhost/nextcloud/index.php/login -c cookiefile -d "user=xxx&password=xxx"
nothing happened,
still not logged in.


#4

Thanks! It works with curl -u username:password -X GET 'https://example.com/abcdefg…' -H "OCS-APIRequest: true"
But I actually want to call it from outside, by Ajax,
but it seems it doesn't work

even when I set headers: {
"OCS-APIRequest": "true"
}
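
For the Ajax case raised in #4, an added example (not part of the thread and not Nextcloud's own code): a fetch() request carrying the same header and credentials as the working curl command. `basicAuth`, `buildOcsRequest` and `searchUsers` are hypothetical helper names, and the `format=json` parameter and the HTTPS-only rule are assumptions of this example.

```javascript
// Added example: build a fetch() request for the OCS provisioning API.

// Base64-encode "user:password" as UTF-8 so non-ASCII passwords survive.
function basicAuth(user, password) {
  const bytes = new TextEncoder().encode(`${user}:${password}`);
  let binary = "";
  for (const b of bytes) binary += String.fromCharCode(b);
  return "Basic " + btoa(binary);
}

function buildOcsRequest(endpoint, search, user, password) {
  const url = new URL(endpoint);
  // curl accepts user:pass@host in the URL, but fetch() rejects such URLs,
  // so move the credentials out of the URL and into a header.
  if (url.username || url.password) {
    user = user ?? decodeURIComponent(url.username);
    password = password ?? decodeURIComponent(url.password);
    url.username = "";
    url.password = "";
  }
  if (!user || !password) throw new Error("missing credentials");
  // Basic auth is only base64, so refuse plaintext HTTP except on localhost.
  if (url.protocol !== "https:" && url.hostname !== "localhost") {
    throw new Error("Basic auth needs https");
  }
  url.searchParams.set("search", search);
  url.searchParams.set("format", "json"); // assumed: ask for JSON output
  return {
    url: url.toString(),
    options: {
      method: "GET",
      headers: {
        "OCS-APIRequest": "true", // same header as curl -H "OCS-APIRequest: true"
        Authorization: basicAuth(user, password), // same as curl -u user:pass
        Accept: "application/json",
      },
      credentials: "omit", // do not send browser cookies with the request
    },
  };
}

async function searchUsers(endpoint, search, user, password) {
  const { url, options } = buildOcsRequest(endpoint, search, user, password);
  const res = await fetch(url, options);
  if (!res.ok) throw new Error(`HTTP ${res.status}`);
  return res.json();
}
```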


#5

from the tutorial
https://docs.nextcloud.com/server/12/developer_manual/app/tutorial.html?highlight=ajax

I think I can modify some source code to add @NoCSRFRequired

Does anyone think it will work?


#6

please help


#7

@tflidd maybe you have insight?