Hello, I am trying to get a custom API endpoint to work, but I am getting CSRF errors when posting any data to it: > 401 (Splunk cannot authenticate the request. CSRF validation failed.)
My endpoint looks like this (my_app/bin/test.py):
#!/usr/bin/python
import os
import csv
import splunk
class Echo(splunk.rest.BaseRestHandler):
def handle_GET(self):
self.response.setStatus(200)
self.response.write('session: ' + self.sessionKey + '\n')
for key, value in self.request["headers"].iteritems():
self.response.write(key + ': ' + value + '\n')
handle_POST = handle_GET
Splunk restmap.conf (my_app/default/restmap.conf):
[script:echo]
match=/echo
handler=test.Echo
Splunk web.conf (my_app/default/web.conf):
[expose:echo]
pattern=echo
methods=GET,POST
I've tried communicating with the API two different ways:
Over port 8000 (POST not working)
![alt text][1]
Over port 8089 (POST and GET working)
![alt text][2]
My log (/opt/splunk/var/log/splunk/splunkd.log) keeps saying this: `ERROR UiAuth - Request from xxx.xxx.xxx.xxx to "/en-US/splunkd/__raw/services/echo" failed CSRF validation -- expected "5038769918656995927", but instead cookie had "5038769918656995927" and form parameter had ""`
**What I've tried**:
1. Adding `skipCSRFProtection=1` to the endpoints config in `web.conf` (documented feature) but it seems to have zero effect.
2. Cleared my cookies for the domain, as detailed in this splunk answers question: `answers.splunk.com/answers/581168/splunk-cannot-authenticate-the-request-csrf-valida.html`
3. Tried manually adding `X-Splunk-Form-Key` as a header, as suggested by this splunk answers question: `answers.splunk.com/answers/661095/post-to-splunkd-raw-endpoint-returns-csrf-validati.html`
It feels like the session cookies are not being transmitted properly, but that doesn't seem correct, given the headers received in the GET request example attached.
**What I need:**
I need to be able to communicate with the web API (authenticated) on port 8000 for GET and POST requests. I am trying to make requests in my custom dashboard:
const service = mvc.createService({
owner: 'username here'
});
service.post(
'/services/echo',
JSON.stringify({ my: data }),
function(err, response) {
// what ever
}
);
**Other Info:**
I'm running splunk in docker, using the 7.1.2 tag.
[1]: /storage/temp/274773-api1.png
[2]: /storage/temp/274774-api2.png
↧