8 Replies Latest reply on Jul 27, 2016 9:42 AM by Ryan Rutan

    What Headers need to be sent to upload a file via rest api from add on?

    o.wagner

      Hi there,

      I'm trying (again...) to upload a file from within an add on via the v3 rest api. If I turn the system property jive.rest.internal.csrf.token.enabled to false in the admin console, everything works. But if I turn this one to true, I get the following response:

       

      {   "code" : 4026,   "message" : "The request could not be validated as originating from within the SBS application" }
      

       

      So I am in an jive hosted app inside an Iframe. To get the X-J-Token, I simply use "window.parent._jive_auth_token". The token is also send correct with the request header. Is there anything else I have to pay attention for? Did not really found anything about this topic in the community... The request header looks like this:

       

      Accept:application/json, text/plain, */*ccept-Encoding:gzip, deflate
      Accept-Language:en-US,en;q=0.8,de;q=0.6
      Connection:keep-alive
      Content-Length:857174
      Content-Type:multipart/form-data; boundary=----WebKitFormBoundaryXnPUfQj5C3AqXWBB
      Cookie:jive.login.ts=1462257220088; JSESSIONID=4C7B28E0EA4AC89DF022C0C9524CF5C9; jive.login.type=form; 
           jive.server.info="serverName=xxx.de:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; 
           anonymous=false; st2=DtvrIhX1cBtiYpsU92SllSAHvXuoJEQgM/ob4bKNIck;
           X_JAPP_INSTANCE="SjEyXRAAAABdT3fzm7U8Yt52A4xuDs1AdsIgm3lZFxVQ5vnlGite9D7XL+spG4N0mVFVEZzoGnxT2KEG76Zuejh5YuYDGzVdG4L309NM8fZ7oLLZkasZH614uRDXnYPBtGISxlHD0pUEqfkl7xdHtYzFD4QO86Vf38t9tcZKH6PNiP3+SKHeUakPL8NbSFdMXrA="; 
           jive.security.context="7zLEhsMboX8b9pxorOwefwAAAAAAABRibYrwtoocKIG6ymmaNIMNgCp5EU+/NesWCj0vd9lDyYkevIOuYROq+mg="; 
           jive.user.loggedIn=true; 
           X-JCAPI-Token=R2S6SmlL
      Host:xxx.de
      Origin:https:/xxx.de
      Referer:https://xxx.de/gadgets/ifr?url=https%3A%2F%2Fxxx.de%2Fresources%2Fadd-ons%2F95de32cf-8e42-490d-a2a9-9ed963b4cdb2%2F390851ee1e%2Fapps%2Fsimpleapp%2Fapp.xml&container=default&view=canvas&lang=en&country=US
           &debug=0&nocache=1&sanitize=0&v=b866885f336bd4bc1c3392b1291f056a&st=default%3A3lZnuOyPJsZSBL_F3H7Sj98Yp5PkkwsXrSgNF5nwh5EhaTtmrlIM-NqkSFcu6va7ERI_WbyoAsfCSsHvcb7X8_nmsBY_xQDbHc4ql4_CEHQnoVCfN5jR59O_ERoDs2pg
           6uWcoCtD9xJCvhxVSlizaY_qJyk3Ha_rVRVUiU_p9NpIzXA4XeyY05e6-oO-N_M_BTwN2V0QRQT7MQ5Y08MIA27OR1gXFsc44bf5VPD1IV0SvO0ZNNiN1-r1mIjEfacSxOX8Qg&testmode=0&parent=https%3A%2F%2Fxxx.de&mid=0
      User-Agent:Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/47.0.2526.73 Chrome/47.0.2526.73 Safari/537.36
      X-J-Token:d7ba02df814e0fa1ee300d4ce80d5275b2683ff69f47af02b00d2e79aac838de
      

       

      Thanks in advance

      Onke