REST API Posting two request simultaneously with different properties fails with 403 status code due to CSRF check

Permanently deleted user

Created June 26, 2019 19:51

I'm sending two post request using the REST API: http://localhost:8111/app/rest/buildQueue but my second request fails with 403 Forbidden: Responding with 403 status code due to failed CSRF check: no "Origin" header is present and no authentication provided with the request, consider adding "Origin: http://localhost:8111" header. I'm wondering why is this happening since if i run the build in the UI and change the params ex. build1 has %version=2% and build2 has %version=3% it will run parallel with each other running on different available agents.

Here's my json request that i send

REST API:http://localhost:8111/app/rest/buildQueue
JSON BODY:
{  
   "branchName":"master",
   "buildType":{  
      "id":"GOGs_DockerBuild",
      "projectId":"GOGs"
   },
   "properties":{  
      "property":[  
         {  
            "name":"DOCKER_IMAGE_NAME",
            "value":"test-gogs-3"
         },
         {  
            "name":"SNAPSHOT_DEPENDENCY_VERSION",
            "value":"0.6"
         }
      ]
   }
}

Am i missing a parameter to be able to run build in parallel with each other?

1 comment

Denis Lapuente

Created July 10, 2019 14:26

Hi,

the error doesn't have (or shouldn't have) anything to do with trying to run builds, but with sending requests to the server in the first place. We have been improving security with each new release, and the newer CSRF protection mechanisms can take down requests that don't have some required headers, such as the error message is saying. If you add the header as stated in the error message, the error should stop.

Please sign in to leave a comment.