I have a GET endpoint which requires user to be logged in so I have set allow_guest=False
. I have another POST endpoint which is hit by an external form, but no authentication is required hence I have set allow_guest=True
.
I get a 400 Status (Bad Request)
everytime I do a POST and when I am logged in to Frappe. If I log out and try the POST request it’s 200 OK
. Why such a strange behaviour?
Is there anything I need to take care of, with respect to session ??
Please check data payload!
@saurabh6790 I analyzed the network request in both cases and the difference is only
curl 'http://path.to.method' -H 'Cookie: io=-LSQ....; user_image=; user_id=Guest; system_user=yes; full_name=Guest; sid=Guest'
v/s
curl 'http://path.to.method' -H 'Cookie: io=0TFlLHl8s....; user_image=; user_id=Administrator; system_user=yes; full_name=Administrator; sid=b69.....'
Can I change frappe.session.sid ? That’s the only thing which I changed in both curl
request and it worked.
This looks like CSRF token. Can I disable it using frappe.conf['ignore_csrf'] = True
Hi MR karan
did you solve it , i am facing same issue i have created the page and want to use whitelist method in JS but once i login and try it says bad request and if i do without login the it works as allowguest is true i need access it after login.
Please help