You are bumping into the protection we have for CSRF (cross site request forgery)
others have mentioned a chrome extension to stop Chrome from forcing an Origin header (https://github.com/postmanlabs/postman-app-support/issues/744) best to use curl or code .... J ________________________________ From: [email protected] [[email protected]] on behalf of Florent Georges [[email protected]] Sent: 16 February 2017 14:59 To: MarkLogic Developer Discussion Subject: [MarkLogic Dev General] 403 SCRF error on the Management API Hi, I create a database using the Management API. I send the request using Chrome's Postman. - URL: http://ml9ea4:8002/manage/v2/databases - Digest authorization with correct user/pwd - Content-Type: application/json - Body: raw: { "database-name": "foo-content" } MarkLogic returns "403 CSRF" with no content. Note the machine name is redirected to a VirtualBox machine on my laptop, configured in /etc/hosts. Also, the following works like a charm, so it seems to be an issue related to Postman: curl -X POST --digest --user xxx:yyy \ --header "Content-Type:application/json" \ -d'{ "database-name": "foo-content" }' \ http://ml9ea4:8002/manage/v2/databases Any idea what can cause the 403? Anyone experienced this already? Regards, -- Florent Georges H2O Consulting http://h2o.consulting/ - New website!
_______________________________________________ General mailing list [email protected] Manage your subscription at: http://developer.marklogic.com/mailman/listinfo/general
