3 Replies Latest reply on Nov 7, 2017 1:58 PM by klas

    POST 403 Request couldn't  be validated

    klas

      I am trying to upload a file to the /contents endpoint.

      But I keep getting a 403 error and the following message:

      {

          "code": 4026,

          "message": "The request could not be validated as originating from within the SBS application"

      }

       

      I am using Postman. (Basic Auth)

      If I have the Postman Interceptor enabled the request fails (Using the browser cookies)

      But if I send the request with Postman Interceptor off, the request is successful.

       

      Any idea why this is?

       

      When I make the same request in the console I get the same result.

       

      Console Sample code:

      Step 1

      var fileUpload = document.createElement("INPUT");

      fileUpload.setAttribute("type", "file");

      fileUpload.setAttribute("multiple",true);

      fileUpload.setAttribute("accept","image/*");

      fileUpload.click();

       

      Step 2

      function upload(file) {

          var formData = new FormData(); 

          // formData.append('json', JSON.stringify(content)); 

          formData.append("json", "{\"authorship\": \"author\",\"type\": \"file\",\"subject\": \"This is my uploaded binary file\",\"content\": {\"type\": \"text/html\",\"text\": \"This is my description for the upload file\",}}");

          formData.append("file", file);

       

          var xhr = new XMLHttpRequest();

          xhr.withCredentials = true;

          xhr.open("POST", "https://connect.fg.rbc.com/api/core/v3/contents");

          xhr.setRequestHeader("X-J-Token", window.parent._jive_auth_token);

          xhr.addEventListener("load", function (e) {

              // file upload is complete

              if (this.readyState === 4) {

                var s = xhr.responseText;

                var json = s.replace("throw 'allowIllegalResourceCall is false.';", "");

                console.log(JSON.parse(json));

              }

          });

          xhr.send(formData);

      }

       

      upload(fileUpload.files[0]);

       

      Ryan Rutan