Hi, I am attempting to use an API call to delete logs, assets, etc. and am encountering 403 Forbidden responses to the request. I am using the current 1.x dev docker image for farmOS. The issue is a bit strange in that the 403 comes when making the request from a page rendered in farmOS.
The JavaScript is:
axios
  .delete('http://localhost/log/3')
  .then(response => alert(response.data))
  .catch(error => console.log(error))
However, if I run a Python script on the same machine the delete is successful. The Python code is:
> import requests
> from requests.auth import HTTPBasicAuth
> response = requests.delete("http://localhost/log/8", auth=HTTPBasicAuth(user, passwd))
> print(response)
In both cases, the session is authenticated with the same user who is the admin and has the “Farm Manager” role. In the farmOS page, authentication is via login. With Python, it is via the basic authentication module.
Also worth noting is that when I issue the same request using Hoppscotch (like Postman), using basic authentication or in the same browser session (so relying on the login authentication), I still see the 403, but it also says “CSRF validation failed.”
I recognize that most development effort is now on 2.x, but it feels like I may just be missing something small, so any suggestions or pointers in the right direction would be appreciated. Thanks.
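The "CSRF validation failed" response described above, as an added example that is not part of the original post or of farmOS: a write request that rides on a login session cookie must also carry a CSRF token, while a request with no session cookie is not subject to that check. Assumptions: the token endpoint `/restws/session/token` and the `X-CSRF-Token` header as documented for the farmOS 1.x API, `http` being an axios-compatible client, and `csrfDecision` being a simplified model of the server-side check.

```javascript
// Added example. The session token and cookie values used with it are constructed.
const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS', 'TRACE']);

// Simplified model (an assumption, not farmOS source code) of a server that
// enforces CSRF tokens only on write requests that carry a session cookie.
function csrfDecision(req, sessionToken) {
  const headers = {};
  for (const [name, value] of Object.entries(req.headers || {})) {
    headers[name.toLowerCase()] = value;
  }
  // Read-only methods are not subject to the token check.
  if (SAFE_METHODS.has(req.method.toUpperCase())) return { status: 200 };
  // Drupal-style session cookie name: SESS or SSESS followed by a hex id.
  const hasSessionCookie = /(^|;\s*)S?SESS[0-9a-f]+=/.test(headers.cookie || '');
  // No session cookie (for example Basic auth sent by a script): the model
  // demands no token; the credentials themselves are verified elsewhere.
  if (!hasSessionCookie) return { status: 200 };
  // Cookie-authenticated write: the header must match the session's token.
  if (headers['x-csrf-token'] === sessionToken) return { status: 200 };
  return { status: 403, body: 'CSRF validation failed' };
}

// Client side for a logged-in browser session: fetch the session's token
// first, then send the DELETE with the token in the X-CSRF-Token header.
async function deleteWithCsrfToken(http, baseUrl, path) {
  const tokenResponse = await http.get(`${baseUrl}/restws/session/token`, {
    withCredentials: true,
  });
  const token = String(tokenResponse.data).trim();
  return http.delete(`${baseUrl}${path}`, {
    withCredentials: true,
    headers: { 'X-CSRF-Token': token },
  });
}
```

In a page rendered by farmOS, `deleteWithCsrfToken(axios, 'http://localhost', '/log/3')` sends the same request as the snippet in the post with the token header added.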