I am not sure why the command won’t work for you. If you want to see the actual post request from your browser you can follow the following steps:
In Chrome, Click on the settings button (its on the top right corner) Settings -> More tools -> Developer Tools. On the developer tool bar click on the Network tab and check the "Preserve log” check box. Now navigate to a topology and click activate. In the network tab you will see a post request for activate. Right Click on that and you will see a copy as curl option. This should give you the complete curl command. You can remove everything but the x-csrf-token and ring-session and see if the request succeeds. Thanks Parth On Dec 23, 2014, at 8:46 PM, Joe Zhang (SDE) <[email protected]> wrote: > I have passed both csrf token and the ring-session Ids as the second request > head, but It still has this issue ~ > > But I can deactivate the topology using the Storm UI > > Best wishes > Joe zhang > > From: Parth Brahmbhatt [mailto:[email protected]] > Sent: Wednesday, December 24, 2014 12:33 PM > To: Joe Zhang (SDE) > Cc: [email protected] > Subject: Re: Missing CSRF token error when trying to use POST operations of > Storm Rest API > > Sorry for the confusion here is how its working on my desktop. First I make a > get call with curl and write the cookie to a file: > > curl -c cookies.txt > 'http://localhost:8080/api/v1/topology/wordcount-2-1419393872?sys=false' > > I copy the > "antiForgeryToken":"UtBiKWAewurAl+QZNQLPCY969YBPMRdrxGhOB9yL35sXzFRNQLIOOMi6kSg9yIAT5NLdRz0VF2iCdmEc” > value from the response and the “ring-session > c6880c5b-1651-412a-962b-763bba966d4e" value from cookies.txt file. > > Using these two values I make a post request : > > curl > 'http://localhost:8080/api/v1/topology/wordcount-2-1419393872/deactivate' -X > POST -H 'x-csrf-token: > UtBiKWAewurAl+QZNQLPCY969YBPMRdrxGhOB9yL35sXzFRNQLIOOMi6kSg9yIAT5NLdRz0VF2iCdmEc' > -H 'Cookie: ring-session=c6880c5b-1651-412a-962b-763bba966d4e’ > > Note that both csrf token and the ring-session Ids are passed as headers. > > > Let me know if this still does not work for you. > > Thanks > Parth > > On Dec 23, 2014, at 7:37 PM, Joe Zhang (SDE) <[email protected]> wrote: > > > Try using this curl > 'http://localhost:8080/api/v1/topology/wordcount-1-1417552268/deactivate' -X > POST -H 'x-csrf-token: > K7RAB7TXD579g4JCs2hK6S0bxP35x8IZB4uFZqueT1eqj451+pvz0b7BGvFi2DZ2HKLenCJQTSE5hSlE' > -H 'Cookie:csrftoken=64142f8e6fc9f9bedc70b15aef657ef4; > ring-session=e1c4715f-e3d3-47e1-8573-1f736cefdb34' > > The high light is the filed I get from response filed antiForgeryToken, but > Cookie:csrftoken also need a csrftoken, what I mean is where can I get this?? > Best wishes > Joe zhang > > From: Parth Brahmbhatt [mailto:[email protected]] > Sent: Wednesday, December 24, 2014 11:18 AM > To: Joe Zhang (SDE) > Cc: [email protected] > Subject: Re: Missing CSRF token error when trying to use POST operations of > Storm Rest API > > any get request that you make will have a field called antiForgeryToken in > response. The value of this field should be sent as csrfToken. > > Thanks > Parth > On Dec 23, 2014, at 6:39 PM, Joe Zhang (SDE) <[email protected]> wrote: > > > > How can I get the Cookie:csrftoken=64142f8e6fc9f9bedc70b15aef657ef4 ?? > > Best wishes > Joe zhang > > From: Parth Brahmbhatt [mailto:[email protected]] > Sent: Wednesday, December 24, 2014 12:49 AM > To: [email protected] > Cc: Joe Zhang (SDE) > Subject: Re: Missing CSRF token error when trying to use POST operations of > Storm Rest API > > Hey, > > Try using this curl > 'http://localhost:8080/api/v1/topology/wordcount-1-1417552268/deactivate' -X > POST -H 'x-csrf-token: > K7RAB7TXD579g4JCs2hK6S0bxP35x8IZB4uFZqueT1eqj451+pvz0b7BGvFi2DZ2HKLenCJQTSE5hSlE' > -H 'Cookie:csrftoken=64142f8e6fc9f9bedc70b15aef657ef4; > ring-session=e1c4715f-e3d3-47e1-8573-1f736cefdb34' > > > > On Mon, Dec 22, 2014 at 10:23 PM, Xiaoyong Zhu <[email protected]> wrote: > Hi Storm experts, > My colleague and I are trying to using the REST API to active or detactive > storm topology using C# Httpclient. Unfortunately , no matter how we tried, > Storm returns the same error : > > { > "error" : "Forbidden action.", > "errorMessage" : "missing CSRF token." > } > > We notice that “ All the post requests below must include a header > "x-csrf-token" with the value of "antiForgeryToken" from the GET response”, > but we still hit this error. > > Below is my code: > > <1> First Get CSRF Token > string requestUrl = > "http://127.0.0.1:8744/api/v1/topology/my_word_count-4-1417592340";; > HttpServerBroker serverBroker = new HttpServerBroker(null, null); > string jsonResult = serverBroker.GetHttpRequestResult(requestUrl, > "GET"); > > <2> Using the token do the post request > > HttpServerBroker serverBroker = new HttpServerBroker(null, token); > > string requestUrl = > "http://127.0.0.1:8744/api/v1/topology/my_word_count-4-1417592340/deactivate";; > string jsonResult = serverBroker.GetHttpRequestResult(requestUrl, > "POST"); > > public class HttpServerBroker > { > > // In order to prevent CSRF vulnerability, storm rest API uses a CSRF > token > private readonly string _antiForgeryToken; > private ICredentials _credentials; > public HttpServerBroker(ICredentials credentials, string > antiForgeryToken) > { > _credentials = credentials; > _antiForgeryToken = antiForgeryToken; > } > > public string GetHttpRequestResult(string requestUrl, string method, > string contentType = "application/x-www-form-urlencoded", string strPostData > = null) > { > string httpResultString = null; > HttpWebRequest httpRequest = this.GenerateHttpRequest(requestUrl, > contentType, method, strPostData); > using (HttpWebResponse response = > (HttpWebResponse)httpRequest.GetResponse()) > { > using (Stream responseStream = response.GetResponseStream()) > { > if (responseStream != null) > { > using (StreamReader reader = new > StreamReader(responseStream)) > { > httpResultString = reader.ReadToEnd(); > } > } > } > > } > > return httpResultString; > } > > public HttpWebRequest GenerateHttpRequest(string requestUrl, string > contentType, string method, string strPostData) > { > HttpWebRequest request = > (HttpWebRequest)WebRequest.Create(requestUrl); > request.ContentType = contentType; > request.Method = method; > > if (!String.IsNullOrWhiteSpace(_antiForgeryToken)) > { > request.Headers.Add("x-csrf-token", _antiForgeryToken.Trim()); > } > > // This is necessary since during NTLM authentication with the > // auth server, a session ID is passed around in a cookie. This > // cookie will not be passed correctly during authentication if > // a cookie container is not specified as cookies are disabled > // by default. > > request.CookieContainer = new CookieContainer(); > > > return request; > } > } > > Any help will be appreciated! Thanks! > > Xiaoyong & Joe > > > > > > -- > Thanks > Parth > > CONFIDENTIALITY NOTICE > NOTICE: This message is intended for the use of the individual or entity to > which it is addressed and may contain information that is confidential, > privileged and exempt from disclosure under applicable law. If the reader of > this message is not the intended recipient, you are hereby notified that any > printing, copying, dissemination, distribution, disclosure or forwarding of > this communication is strictly prohibited. If you have received this > communication in error, please contact the sender immediately and delete it > from your system. Thank You. > > > CONFIDENTIALITY NOTICE > NOTICE: This message is intended for the use of the individual or entity to > which it is addressed and may contain information that is confidential, > privileged and exempt from disclosure under applicable law. If the reader of > this message is not the intended recipient, you are hereby notified that any > printing, copying, dissemination, distribution, disclosure or forwarding of > this communication is strictly prohibited. If you have received this > communication in error, please contact the sender immediately and delete it > from your system. Thank You. > > > CONFIDENTIALITY NOTICE > NOTICE: This message is intended for the use of the individual or entity to > which it is addressed and may contain information that is confidential, > privileged and exempt from disclosure under applicable law. If the reader of > this message is not the intended recipient, you are hereby notified that any > printing, copying, dissemination, distribution, disclosure or forwarding of > this communication is strictly prohibited. If you have received this > communication in error, please contact the sender immediately and delete it > from your system. Thank You. -- CONFIDENTIALITY NOTICE NOTICE: This message is intended for the use of the individual or entity to which it is addressed and may contain information that is confidential, privileged and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are hereby notified that any printing, copying, dissemination, distribution, disclosure or forwarding of this communication is strictly prohibited. If you have received this communication in error, please contact the sender immediately and delete it from your system. Thank You.
