Wednesday, December 30, 2015

Haskell Yesod curl POST request ... handling CSRF


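Get the cookie with the CSRF token in it (a plain GET makes the server set the session cookie and the XSRF-TOKEN cookie; -c saves both to a cookie jar):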

$ curl -c cookie.txt http://localhost:3000/

$ cat cookie.txt 
# Netscape HTTP Cookie File
# http://curl.haxx.se/docs/http-cookies.html
# This file was generated by libcurl! Edit at your own risk.

#HttpOnly_localhost FALSE / FALSE 1451524550 _SESSION gxV1yVNefLhiS7K3/ukfWWi5GXfD7wXfwJFYDXk3fz/HvyPqcSIcU7BBIKdOrj0jrpcU9DroL0+ioD3rr8cbvCSy+A+jPDpt/8kkiSPjYE86cGyTiueVo2cOGWcc8=
localhost FALSE / FALSE 0 XSRF-TOKEN seQLdve8GY


Use the token: send the saved cookies back and put the XSRF-TOKEN value in the x-xsrf-token header:

$ curl -v \
    --cookie cookie.txt \
    -c cookie.txt \
    -H "x-xsrf-token: seQLdve8GY" \
    -H "Accept: application/json" \
    -H "Content-Type: application/json" \
    -X POST \
    -d '{"foo":"bar", ...}' \
    http://localhost:3000/updateDruckprodukt
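
The two steps above as one script, so the token is read from the cookie jar instead of being copied by hand. This is an added example, not code from the original post; cookie_value, csrf_post and sample_jar are hypothetical helper names, and the sample jar values are constructed.

```shell
#!/bin/sh
# Added example. curl's cookie jar is the Netscape format: seven tab-separated
# fields (domain, subdomain flag, path, secure, expiry, name, value).

# cookie_value JAR NAME: print the value of cookie NAME, exit 1 if absent.
cookie_value() {
    awk -F '\t' -v name="$2" '
        { sub(/\r$/, "") }                        # tolerate CRLF line endings
        /^#HttpOnly_/ { sub(/^#HttpOnly_/, "") }  # HttpOnly entries are cookies, not comments
        /^#/ || NF != 7 { next }                  # real comments, blank lines
        $6 == name { value = $7; found = 1 }      # last match wins
        END { if (!found) exit 1; print value }
    ' "$1"
}

# csrf_post BASE_URL PATH JSON_BODY (hypothetical helper): fetch a fresh
# token, then POST with the cookies and the matching x-xsrf-token header.
csrf_post() {
    jar=$(mktemp) || return 1
    curl -s -o /dev/null -c "$jar" "$1/" || { rm -f "$jar"; return 1; }
    if ! token=$(cookie_value "$jar" XSRF-TOKEN); then
        echo "server set no XSRF-TOKEN cookie" >&2
        rm -f "$jar"; return 1
    fi
    curl -s --cookie "$jar" -c "$jar" \
        -H "x-xsrf-token: $token" \
        -H "Accept: application/json" \
        -H "Content-Type: application/json" \
        -X POST -d "$3" "$1$2"
    status=$?
    rm -f "$jar"
    return "$status"
}

# Constructed sample jar (made-up values) in the layout curl writes.
sample_jar() {
    printf '# Netscape HTTP Cookie File\n\n'
    printf '#HttpOnly_localhost\tFALSE\t/\tFALSE\t1451524550\t_SESSION\tconstructed-session\n'
    printf 'localhost\tFALSE\t/\tFALSE\t0\tXSRF-TOKEN\tconstructedTok1\n'
}

# Usage against the app from the post (JSON body is a placeholder):
#   csrf_post http://localhost:3000 /updateDruckprodukt '{"foo":"bar"}'
```

The header value has to match the XSRF-TOKEN cookie sent in the same request, which is why the same jar is passed to both curl calls.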
