11 Replies Latest reply on Feb 22, 2018 9:34 PM by pushpendra.paliwal

    Cannot POST to Jive REST API from HTML widget

    jbowman1107

      Hi!

       

      I am creating an HTML widget in which I am voting on an existing poll from the widget based on user input.

       

      When I try to do:

      POST /api/core/v3/votes/58148 with data of ["option"]

      I am receiving the following error:

      {
        "code" : 4026,
        "message" : "The request could not be validated as originating from within the SBS application"
      }

       

      I have seen a few threads with this error.. but none of them seemed to solve my issue.. As I am sending the X-JCAPI-Token and I am not doing this cross domain as the HTML widget is in Jive..

       

      Any ideas what may be my issue?

       

      Regards,

       

      -Jeff

       

      Version Info:

      throw 'allowIllegalResourceCall is false.';
      {
        "jiveVersion" : "7.0.2.0 ",
        "jiveCoreVersions" : [ {
          "version" : 2,
          "revision" : 3,
          "uri" : "/api/core/v2",
          "documentation" : "https://developers.jivesoftware.com/api/v2/rest"
        }, {
          "version" : 3,
          "revision" : 4,
          "uri" : "/api/core/v3",
          "documentation" : "https://developers.jivesoftware.com/api/v3/rest"
        } ],
        "instanceURL" : "HIDDEN",
        "ssoEnabled" : [ "saml" ],
        "jiveEdition" : {
          "product" : "external",
          "tier" : 0
        },
        "ssoForOAuthGrantEnabled" : false
      }

        • Re: Cannot POST to Jive REST API from HTML widget
          jbowman1107

          I am still struggling with this.. has anyone seen this before?

           

          Thanks!

            • Re: Cannot POST to Jive REST API from HTML widget
              mcollinge

              Is the HTML in the widget actually running in an iframe, rather than it being part of the main page?

                • Re: Cannot POST to Jive REST API from HTML widget
                  jbowman1107

                  Yup! Because the widget I have created is very heavily Javascript it has been wrapped in an iframe.

                    • Re: Cannot POST to Jive REST API from HTML widget
                      mcollinge

                      Hmm. Have you tried setting this sys prop?

                       

                      jive.rest.internal.csrf.token.enabled  =  false

                        • Re: Cannot POST to Jive REST API from HTML widget
                          jbowman1107

                          I am not a site Admin but only Admin of the spaces I'm responsible for so I am not able to set this property (I think). And even if I ask someone to do it.. I'm not sure they would due to the security hole this potentially leaves by doing so.

                           

                          I am actually pretty confident that turning this setting off might 'fix' my issue (from the other threads I have read).. but then I open that security hole. But I am not sure why I am even running into CSRF issues in the first place as I am sending the correct X-JCAPI token (as far as I can tell) with the request.

                            • Re: Cannot POST to Jive REST API from HTML widget
                              Ryan Rutan

                              What is the domain for the source of the iframe? If you are loading it from another domain, then that is why the JCAPI token may not be working. In general, I've never pursued this avenue, as doing either Widget using the session cookie and/or Apps using the osapi bind to currentUser have done 99% of my customized Tiles/Apps/Widget work.

                               

                              Just thought I'd share that.

                                • Re: Cannot POST to Jive REST API from HTML widget
                                  jbowman1107

                                  The iframe is from an HTML widget in a Jive instance. So the domain is the same as the Jive instance. I believe the iframe is there because I have used javascript in the HTML widget.. so Jive automatically wraps my widget in an iframe.

                                   

                                  In any case.. I have done some more digging and it seems that beyond the JCAPI token.. I also need a J-L-Token when doing a POST.

                                   

                                  I was able to get this with window.parent._jive_auth_token and then attached the J-L-Token header to my request with this value..

                                   

                                  This seemed to do the trick! Of course, this only resulted in more questions .. But I am now able to post successfully!

                                   

                                  Thanks for all the help!

                                    • Re: Cannot POST to Jive REST API from HTML widget
                                      Sachin Kumar

                                      Hello Jeff Bowman

                                       

                                      Could you please help me to resolve my issue. I am trying to use the Jive REST API in the HTML widget and trying to POST to the /people service with the jQuery ajax method. I am getting the same error message you got.

                                       

                                      Part of my code is:

                                       

                                      type: "POST",
                                      data: JSON.stringify(jiveuser),
                                      url: url,
                                      contentType: "application/json",
                                      dataType: 'json'

                                      So could you please help me how should I wrap the window.parent._jive_auth_token to my ajax post? Where should I attach it? with header attribute or something else? Could you please help me to provide the exact code please?

                                       

                                      Thanks

                                      Sachin

                                        • Re: Cannot POST to Jive REST API from HTML widget
                                          jbowman1107

                                          Hi Sachin,

                                           

                                          Unfortunately, I don't think I'll be able to give you exact code as I am using Angular JS and not Ajax.. But here is the code I used to extract the correct token and setup my http client. I've bolded the part that was important in my case.

                                           

                                              var urlBase = '/api/core/v3';
                                              var config = {};
                                              // Ask for the raw text so the security prefix can be removed before parsing
                                              config.responseType = "text";
                                              // Don't worry about the below, it is simply stripping off the string "throw 'allowIllegalResourceCall is false.';" so I can parse the response as JSON
                                              config.transformResponse = appendTransform($http.defaults.transformResponse, function (value) {
                                                  return jiveFactory.stripSecurityString(value);
                                              });
                                              // Send the auth token from the parent (Jive) window with every request
                                              config.headers = { 'X-J-Token': window.parent._jive_auth_token };

                                           

                                          Regards,

                                           

                                          -Jeff

                                          • Re: Cannot POST to Jive REST API from HTML widget
                                            pushpendra.paliwal

                                            Solution is js ajax

                                             

                                             

                                            $.ajax({
                                                type: "POST",
                                                url: "/api/core/v3/contents",
                                                // Token read from the parent (Jive) page and sent as a request header
                                                headers: { 'X-J-Token': window.parent._jive_auth_token },
                                                contentType: "application/json",
                                                data: req,
                                                dataType: 'json',
                                                success: function (data) {
                                                    processData(data);
                                                },
                                                error: function (e) {
                                                    console.log(e); //console.log("Error: " + XMLHttpRequest);
                                                }
                                            });
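
As an added example (not code from any poster in this thread), here is a plain-JavaScript version of the two pieces discussed above: removing the `throw 'allowIllegalResourceCall is false.';` prefix before parsing a response, and attaching the token as a request header on a same-origin write. The function names and the use of `fetch` are assumptions; the header name, the `_jive_auth_token` property and the prefix string are taken from the posts.

```javascript
// Added example. Function names are hypothetical; the prefix, header name and
// token property are quoted from the thread.
const SECURITY_PREFIX = "throw 'allowIllegalResourceCall is false.';";

// Remove the leading throw statement (if present) so the rest parses as JSON.
function stripSecurityString(body) {
  const text = String(body).replace(/^\uFEFF/, '').trimStart();
  return text.startsWith(SECURITY_PREFIX)
    ? text.slice(SECURITY_PREFIX.length)
    : text;
}

// Parse a response body; an empty body (e.g. 204 No Content) yields null.
function parseJiveResponse(body) {
  const json = stripSecurityString(body).trim();
  if (json === '') return null;
  return JSON.parse(json); // SyntaxError if the body is not JSON at all
}

// Build fetch() options for a same-origin write. The parent window is passed
// in so that a missing token fails loudly instead of sending "undefined".
function buildWriteRequest(parentWindow, payload) {
  const token = parentWindow && parentWindow._jive_auth_token;
  if (typeof token !== 'string' || token === '') {
    throw new Error('No _jive_auth_token found on the parent window');
  }
  return {
    method: 'POST',
    credentials: 'same-origin', // send the session cookie to this origin only
    headers: {
      'Content-Type': 'application/json',
      'X-J-Token': token,
    },
    body: JSON.stringify(payload),
  };
}

// Usage inside the widget iframe (not executed here):
//   const opts = buildWriteRequest(window.parent, ['option']);
//   const res  = await fetch('/api/core/v3/votes/58148', opts);
//   const data = parseJiveResponse(await res.text());
```

Reading the token from `window.parent` only works while the widget iframe and the Jive page share an origin, which is the situation described in the thread.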