REST API: CSRF Failed: Referer checking failed - no Referer.


Symptoms

When using the REST API in a secure context (https), the following error is shown:

{"detail":"CSRF Failed: Referer checking failed - no Referer."}

Cause

Once the CSRF token has been obtained, the requests that follow must also include a Referer header in addition to the token.
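
The check behind this error can be modelled as follows. This is an added example, not code from the product or from the original article. It assumes the server applies a Referer check to HTTPS requests only and requires the Referer to be an https URL for the same host; the function names, the token value and every message except the one quoted above are constructed.

```python
from urllib.parse import urlsplit

# Only this message is taken from the article; the others are constructed.
NO_REFERER = "Referer checking failed - no Referer."


def check_referer(scheme, host, headers):
    """Return None if the request passes, otherwise the rejection reason.

    scheme/host describe the URL the API was called on; headers is a dict
    of request headers. Assumed policy: the check applies to HTTPS only.
    """
    if scheme != "https":
        return None  # plain-HTTP requests are not Referer-checked in this model
    referer = {k.lower(): v for k, v in headers.items()}.get("referer")
    if not referer:
        return NO_REFERER
    try:
        parts = urlsplit(referer)
    except ValueError:
        return "Referer is malformed (constructed message)"
    if parts.scheme != "https":
        return "Referer is not https (constructed message)"
    if parts.netloc.lower() != host.lower():
        return "Referer host does not match (constructed message)"
    return None


def simulate():
    """Replay constructed requests against the check and collect the results."""
    token = {"X-CSRFToken": "constructed-token"}
    cases = {
        "token only": token,
        "token + referer": {**token, "Referer": "https://10.1.2.3/"},
        "http referer": {**token, "Referer": "http://10.1.2.3/"},
        "other host": {**token, "Referer": "https://example.invalid/"},
    }
    return {name: check_referer("https", "10.1.2.3", h) for name, h in cases.items()}


if __name__ == "__main__":
    for name, reason in simulate().items():
        print(f"{name:16} -> {reason or 'accepted'}")
```

In this model a request that carries only the token is rejected with the message from the Symptoms section, while the same request with a matching Referer is accepted.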

Resolution

Add a Referer header to the HTTP requests sent to the REST API.

For example, in PowerShell:

# Web session that keeps cookies and headers across calls
$session = New-Object Microsoft.PowerShell.Commands.WebRequestSession

# Login to the Workspace
$login_params = @{
    username = 'x';
    password = 'x';
    privacy_policy_accepted = 'true';
    logout_other_sessions = 'true';
    login_without_admin_rights = 'true';
} | ConvertTo-Json

$login_url = 'https://10.1.2.3/api/v2/sessions/'

Invoke-RestMethod -Method 'post' $login_url -Body $login_params -WebSession $session -ContentType 'application/json'

# Extract the csrftoken value from the session cookie
$csrftoken = $session.Cookies.GetCookies($login_url)['csrftoken'].Value

# Add the x-csrftoken and Referer headers for the next call
$session.Headers.Add('x-csrftoken', $csrftoken)
$session.Headers.Add('Referer', 'https://10.1.2.3/')
