Hi Tim,

thank you for the answer.
Now I understand how I receive the cookie.


Best Regards
Kosmas


On 19.08.2021 at 17:15, Tim Donohue wrote:
> Hi Kosmas,
>
> You don't need to send any special request to generate the CSRF
> token...it's generated automatically on your *first GET request* and
> sent to you in the response.  The request you send doesn't matter. 
> What matters is that you need to watch for an HTTP Header named
> "DSPACE-XSRF-TOKEN" sent back to you in the response.   When that
> Header is specified in any response, that is your new CSRF token.
>
> The value of this "DSPACE-XSRF-TOKEN" header is your assigned CSRF
> token.  That's the token you will need to send back in your next
> POST/PUT/PATCH/DELETE request. You must send it back in a different
> HTTP Header, the "X-XSRF-TOKEN" header.
>
> Your code MUST watch for a "DSPACE-XSRF-TOKEN" in every response you
> receive from the DSpace REST API.  When that header is sent to you,
> that means your CSRF token has changed.  Your token may change for a
> variety of reasons (e.g. when you login/logout, when you send an
> invalid request, or if you appear to be coming from a different client
> or have been idle for some time).
>
> (The DSPACE-XSRF-COOKIE does not need to be used at all by your
> client. It's generated by the REST API and it's an HttpOnly cookie,
> meaning it cannot be read by JavaScript.  That cookie is only used by
> the REST API to validate your token...i.e. the token you send in
> X-XSRF-TOKEN to the REST API must match the token in that Cookie.)
>
> Tim
>
> ------------------------------------------------------------------------
> *From:* Kosmas Kaifel <[email protected]>
> *Sent:* Thursday, August 19, 2021 5:33 AM
> *To:* Tim Donohue <[email protected]>; DSpace Technical Support
> <[email protected]>
> *Subject:* Re: [dspace-tech] DSpace 7 REST API
>  
>
> Hi Tim
>
>
> thank you very much for the answer.
>
> I know this page about the REST Contract, but I do not understand
> how I can create a DSPACE-XSRF-COOKIE before I send the POST command.
>
> Can you perhaps give me an example with the curl command for creating
> a DSPACE-XSRF-COOKIE?
>
>
> curl http://dspace7-test.rz.uni-ulm.de:8080/server/api --data
> "[email protected]&password=xxx" ..........?
>
>
> Best Regards
> Kosmas
>
>
> On 18.08.2021 at 17:06, Tim Donohue wrote:
>> Hi Kosmas,
>>
>> See the REST Contract section on CSRF
>> tokens: https://github.com/DSpace/RestContract/blob/main/csrf-tokens.md
>>
>> Simply put, the CSRF Tokens will be sent to you in a prior GET
>> request (and they may be updated at any time, so your client code
>> needs to watch for them).  The CSRF token will be sent to the client
>> in a DSPACE-XSRF-TOKEN header.
>>
>> Tim
>> ------------------------------------------------------------------------
>> *From:* [email protected] <[email protected]> on behalf of
>> Kosmas Kaifel <[email protected]>
>> *Sent:* Wednesday, August 18, 2021 5:49 AM
>> *To:* DSpace Technical Support <[email protected]>
>> *Subject:* [dspace-tech] DSpace 7 REST API
>>  
>> Hello,
>>
>> how can I create / receive a valid CSRF token from the REST API
>> for a POST connection with the REST API?
>>
>> Best Regards
>> Kosmas
>>
>> -- 
>> +---------------------------------------------------------------+
>> Universität Ulm
>> Kommunikations- und Informationszentrum (kiz)
>> Abt. Informationsmedien
>> Albert-Einstein-Allee 37
>> 89081 Ulm
>> Tel.   0731/50-15495
>> EMail: [email protected]
>> +----------------------------------------------------------------+
>>

-- 
+---------------------------------------------------------------+
Universität Ulm
Kommunikations- und Informationszentrum (kiz)
Abt. Informationsmedien
Albert-Einstein-Allee 37
89081 Ulm
Tel.   0731/50-15495
EMail: [email protected]
+----------------------------------------------------------------+
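
Added example, not part of the thread and not DSpace's own code: the token handling Tim describes above, written as POSIX shell functions around curl. The variable and function names are assumptions of this example, and the cookie jar is there because curl, unlike a browser, must itself return DSPACE-XSRF-COOKIE for the server-side comparison with X-XSRF-TOKEN to succeed.

```sh
# Added example (not from the thread): CSRF token tracking for curl, POSIX sh.
# JAR, HDRS, XSRF_TOKEN and all function names are assumptions of this example.
JAR="${JAR:-./dspace-cookies.txt}"    # cookie jar; hands DSPACE-XSRF-COOKIE back
HDRS="${HDRS:-./dspace-headers.txt}"  # header dump of the most recent response
XSRF_TOKEN=""

# stdin: raw response headers. Prints the last DSPACE-XSRF-TOKEN value, if any.
# Header names are matched case-insensitively; CRs and padding are stripped.
extract_xsrf_token() {
  tr -d '\r' | awk '
    tolower($0) ~ /^dspace-xsrf-token:/ {
      sub(/^[^:]*:[ \t]*/, ""); sub(/[ \t]+$/, ""); token = $0
    }
    END { if (token != "") print token }'
}

# stdin: raw response headers. Adopts a new token only when one was sent;
# a response without the header leaves the current token in place.
update_xsrf_token() {
  _new="$(extract_xsrf_token)"
  if [ -n "$_new" ]; then XSRF_TOKEN="$_new"; fi
}

# dspace_request METHOD URL [extra curl arguments...]
dspace_request() {
  _method="$1"; _url="$2"; shift 2
  case "$_method" in
    POST|PUT|PATCH|DELETE)
      if [ -n "$XSRF_TOKEN" ]; then
        set -- -H "X-XSRF-TOKEN: $XSRF_TOKEN" "$@"
      fi ;;
  esac
  _rc=0
  curl -sS -X "$_method" -b "$JAR" -c "$JAR" -D "$HDRS" "$@" "$_url" || _rc=$?
  if [ -f "$HDRS" ]; then update_xsrf_token < "$HDRS"; fi
  return "$_rc"
}

# Typical session (URL and form fields are placeholders):
#   dspace_request GET  "$API_ROOT" >/dev/null       # first GET issues the token
#   dspace_request POST "$POST_URL" --data "$FORM"   # sent back as X-XSRF-TOKEN
```

Because every call re-reads the header dump, a token rotated by the server after a login, a logout or a rejected request is picked up before the next state-changing call.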
