
What Headers need to be sent to upload a file via rest api from add on?

Question asked by o.wagner on May 2, 2016
Latest reply on Jul 27, 2016 by Ryan Rutan

Hi there,

I'm trying (again...) to upload a file from within an add on via the v3 rest api. If I turn the system property jive.rest.internal.csrf.token.enabled to false in the admin console, everything works. But if I turn this one to true, I get the following response:

 

{   "code" : 4026,   "message" : "The request could not be validated as originating from within the SBS application" }

 

So I am in a Jive-hosted app inside an iframe. To get the X-J-Token, I simply use "window.parent._jive_auth_token". The token is also sent correctly with the request header. Is there anything else I have to pay attention to? I did not really find anything about this topic in the community... The request header looks like this:

 

Accept:application/json, text/plain, */*
Accept-Encoding:gzip, deflate
Accept-Language:en-US,en;q=0.8,de;q=0.6
Connection:keep-alive
Content-Length:857174
Content-Type:multipart/form-data; boundary=----WebKitFormBoundaryXnPUfQj5C3AqXWBB
Cookie:jive.login.ts=1462257220088; JSESSIONID=4C7B28E0EA4AC89DF022C0C9524CF5C9; jive.login.type=form; 
     jive.server.info="serverName=xxx.de:serverPort=443:contextPath=:localName=localhost:localPort=9001:localAddr=127.0.0.1"; 
     anonymous=false; st2=DtvrIhX1cBtiYpsU92SllSAHvXuoJEQgM/ob4bKNIck;
     X_JAPP_INSTANCE="SjEyXRAAAABdT3fzm7U8Yt52A4xuDs1AdsIgm3lZFxVQ5vnlGite9D7XL+spG4N0mVFVEZzoGnxT2KEG76Zuejh5YuYDGzVdG4L309NM8fZ7oLLZkasZH614uRDXnYPBtGISxlHD0pUEqfkl7xdHtYzFD4QO86Vf38t9tcZKH6PNiP3+SKHeUakPL8NbSFdMXrA="; 
     jive.security.context="7zLEhsMboX8b9pxorOwefwAAAAAAABRibYrwtoocKIG6ymmaNIMNgCp5EU+/NesWCj0vd9lDyYkevIOuYROq+mg="; 
     jive.user.loggedIn=true; 
     X-JCAPI-Token=R2S6SmlL
Host:xxx.de
Origin:https:/xxx.de
Referer:https://xxx.de/gadgets/ifr?url=https%3A%2F%2Fxxx.de%2Fresources%2Fadd-ons%2F95de32cf-8e42-490d-a2a9-9ed963b4cdb2%2F390851ee1e%2Fapps%2Fsimpleapp%2Fapp.xml&container=default&view=canvas&lang=en&country=US
     &debug=0&nocache=1&sanitize=0&v=b866885f336bd4bc1c3392b1291f056a&st=default%3A3lZnuOyPJsZSBL_F3H7Sj98Yp5PkkwsXrSgNF5nwh5EhaTtmrlIM-NqkSFcu6va7ERI_WbyoAsfCSsHvcb7X8_nmsBY_xQDbHc4ql4_CEHQnoVCfN5jR59O_ERoDs2pg
     6uWcoCtD9xJCvhxVSlizaY_qJyk3Ha_rVRVUiU_p9NpIzXA4XeyY05e6-oO-N_M_BTwN2V0QRQT7MQ5Y08MIA27OR1gXFsc44bf5VPD1IV0SvO0ZNNiN1-r1mIjEfacSxOX8Qg&testmode=0&parent=https%3A%2F%2Fxxx.de&mid=0
User-Agent:Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/47.0.2526.73 Chrome/47.0.2526.73 Safari/537.36
X-J-Token:d7ba02df814e0fa1ee300d4ce80d5275b2683ff69f47af02b00d2e79aac838de

 

Thanks in advance

Onke
