-
Re: Cannot POST to Jive REST API from HTML widget
I am still struggling with this.. has anyone seen this before?
Thanks!
-
Re: Cannot POST to Jive REST API from HTML widget
Is the HTML in the widget actually running in an iframe, rather than it being part of the main page?
-
Re: Cannot POST to Jive REST API from HTML widget
Yup! Because the widget I have created is very heavily Javascript it has been wrapped in an iframe.
-
Re: Cannot POST to Jive REST API from HTML widget
1 person found this helpfulHmm. Have you tried setting this sys prop?
jive.rest.internal.csrf.token.enabled = false
-
Re: Cannot POST to Jive REST API from HTML widget
I am not a site Admin but only Admin of the spaces I'm responsible for so I am not able to set this property (I think). And even if I ask someone to do it.. I'm not sure they would due to the security hole this potentially leaves by doing so.
I am actually pretty confident that turning this setting off might 'fix' my issue (from the other threads I have read).. but then I open that security hole. But I am not sure why I am even running into CSRF issues in the first place as I am sending the correct X-JCAPI token (as far as I can tell) with the request.
-
Re: Cannot POST to Jive REST API from HTML widget
What is the domain for the source of the iframe? If you are loading it from another domain, then that is why the JCAPI token may not be working. in general, i've never pursued this avenue, as doing either Widget using the session cookie and/or Apps using the osapi bind to currentUser have done 99% of my customized Tiles/Apps/Widget work.
Just thought I'd share that.
-
Re: Cannot POST to Jive REST API from HTML widget
The iframe is from an HTML widget in a Jive instance. So the domain is the same as the Jive instance. I believe the iframe is there because I have used javascript in the HTML widget.. so Jive automatically wraps my widget in an iframe.
In any case.. I have done some more digging and it seems that the beyond the JCAPI token.. I also need a J-L-Token when doing a POST.
I was able to get this with window.parent._jive_auth_token and then attached the J-L-Token header to my request with this value..
This seemed to do the trick! Of course, this only resulted in more questions
.. But I am now able to post successfully!Thanks for all the help!
-
Re: Cannot POST to Jive REST API from HTML widget
Hello Jeff Bowman
Could you please help me to resolve my issue. I am trying to use the Jive REST api in the html widget and trying to POST to the /people service with jQuery ajax method. I am getting same error message you got.
Part of my code is:
type: "POST",
data: JSON.stringify(jiveuser),
url: url,
contentType: "application/json",
dataType: 'json'
So could you please help me how should I wrap the window.parent._jive_auth_token to my ajax post? Where should I attach it? with header attribute or something else? Could you please help me to provide the exact code please?
Thanks
Sachin
-
Re: Cannot POST to Jive REST API from HTML widget
1 person found this helpfulHi Sachin,
Unfortunately, I don't think I'll be able to give you exact code as I am using Angular JS and not Ajax.. But here is the code I used to extract the correct token and setup my http client. I've bolded the part that was important in my case.
var urlBase = '/api/core/v3';
var config = {};
config.resonseType = "text";
// Don't worry about the below, it is simply striping off the string "throw 'allowIllegalResourceCall is false.';" so I can parse the response as JSON
config.transformResponse = appendTransform($http.defaults.transformResponse, function (value) {
return jiveFactory.stripSecurityString(value);
});
config.headers = { 'X-J-Token': window.parent._jive_auth_token };
Regards,
-Jeff
-
Re: Cannot POST to Jive REST API from HTML widget
Hello Jeff Bowman
Thank you so much, it worked
I have set the headers with jive auth token in my ajax request. It works perfectly inside the html widget now.Thank you again
Regards,
Sachin
-
-
Re: Cannot POST to Jive REST API from HTML widget
Solution is js ajax
$.ajax({ type:"POST", url: "/api/core/v3/contents", headers: { 'X-J-Token': window.parent._jive_auth_token }, contentType: "application/json", data: req, dataType: 'json', success: function(data){ processData(data); }, error: function(e) { console.log(e); //console.log("Error: " + XMLHttpRequest); } });
-
-
-
-
-
-
-
-