Open aaronfay opened 11 years ago
Attempting to create new posts via the api (using the examples provided) fails with cross site scripting error.
$ curl -X POST -H'Content-Type: application/json' -d'{"title": "An awsome post by me\n---\n\nfoo bar post this"}' http://codrspace.com/api/post/?username=aaronfay&api_key=<my-key> [1] 7193 $ <!DOCTYPE html> <html lang="en"> <head> <meta http-equiv="content-type" content="text/html; charset=utf-8"> <meta name="robots" content="NONE,NOARCHIVE"> <title>403 Forbidden</title> <style type="text/css"> html * { padding:0; margin:0; } body * { padding:10px 20px; } body * * { padding:0; } body { font:small sans-serif; background:#eee; } body>div { border-bottom:1px solid #ddd; } h1 { font-weight:normal; margin-bottom:.4em; } h1 span { font-size:60%; color:#666; font-weight:normal; } #info { background:#f6f6f6; } #info ul { margin: 0.5em 4em; } #info p, #summary p { padding-top:10px; } #summary { background: #ffc; } #explanation { background:#eee; border-bottom: 0px none; } </style> </head> <body> <div id="summary"> <h1>Forbidden <span>(403)</span></h1> <p>CSRF verification failed. Request aborted.</p> </div> <div id="explanation"> <p><small>More information is available with DEBUG=True.</small></p> </div> </body> </html>
Attempting to create new posts via the api (using the examples provided) fails with cross site scripting error.