2 Replies Latest reply on Nov 19, 2014 9:39 AM by msbrocca

    403 forbidden while creating document with REST post

    michael_yegorov

      Here's my ajax call:

      var promise = $j.ajax({
        contentType:'application/json',
        url:'/api/core/v3/contents',
        data:'{"content":{"type":"text/html","text":"asdfasdf<div>asdfasdf</div>"},"subject":"test document","type":"document"}',
        type:'post'
        }).done(function(result){console.log(result)});
      
      

       

      gets me into 403, despite the fact that /api/core/v3/people/@me gives me my actual information, so I am really logged in. And I have admin priviledges, from web UI I can creane a document anywhere

       

      Here are my headers:

      Remote Address:[::1]:8080
      Request URL:http://localhost:8080/api/core/v3/contents
      Request Method:POST
      Status Code:403 Forbidden
      Request Headersview source
      
      Accept:*/*
      Accept-Encoding:gzip,deflate
      Accept-Language:ru,en-US;q=0.8,en;q=0.6,uk;q=0.4
      Connection:keep-alive
      Content-Length:178
      Content-Type:application/json
      Cookie:jive.user.loggedIn=true; jive.login.ts=1409066165552; jiveRegularLoginUserCookie=true; SPRING_SECURITY_REMEMBER_ME_COOKIE=YWRtaW46MTQxMTc2MzU4NzU3NTo5NmY0NGFkOTdmOWM0YmQ0Y2JhZGUxMDgxMjhmMmFkZQ; jive.server.info="serverName=localhost:serverPort=8080:contextPath=:localName=0:0:0:0:0:0:0:1:localPort=8080:localAddr=0:0:0:0:0:0:0:1"; X-JCAPI-Token=QduHQ2TL; JSESSIONID=5FED2355BAE092EEAC80D449C02C9DA8; jive.security.context="ZOyZeWZ0R3axZrazGPoVCwAAAAAAABLzkIXUtZFXfy0UV2/NrSAlvU/P62IvDZZiY4A="
      Host:localhost:8080
      Origin:http://localhost:8080
      Referer:http://localhost:8080/bpmCreate.jspa
      User-Agent:Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.94 Safari/537.36
      X-J-Token:18dc362e51431e7bef2d0fdda470fac0afc167388efc6ef222987b176eaffe7c
      X-Requested-With:XMLHttpRequest
      
      
      
      Response Headersview source
      
      Cache-Control:no-store
      Content-Length:137
      Content-Type:application/json
      Date:Wed, 27 Aug 2014 15:08:42 GMT
      Expires:0
      P3P:CP="CAO PSA OUR"
      Pragma:no-cache
      Server:Apache-Coyote/1.1
      X-Frame-Options:SAMEORIGIN
      X-Jive-Flow-Id:08963df1-2dfc-11e4-a223-e840f23d7824
      X-Jive-Request-Id:08963df0-2dfc-11e4-a223-e840f23d7824
      X-JIVE-USER-ID:1