Codrspace / codrspace

The blogging platform for coders.
http://codrspace.com

New post to API fails with CSRF error #57

Open aaronfay opened 11 years ago

aaronfay commented 11 years ago

Attempting to create new posts via the API (using the examples provided) fails with a cross-site scripting error.

$ curl -X POST -H'Content-Type: application/json' -d'{"title": "An awsome post by me\n---\n\nfoo bar post this"}' http://codrspace.com/api/post/?username=aaronfay&api_key=<my-key>
[1] 7193
$ 
<!DOCTYPE html>
<html lang="en">
<head>
  <meta http-equiv="content-type" content="text/html; charset=utf-8">
  <meta name="robots" content="NONE,NOARCHIVE">
  <title>403 Forbidden</title>
  <style type="text/css">
    html * { padding:0; margin:0; }
    body * { padding:10px 20px; }
    body * * { padding:0; }
    body { font:small sans-serif; background:#eee; }
    body>div { border-bottom:1px solid #ddd; }
    h1 { font-weight:normal; margin-bottom:.4em; }
    h1 span { font-size:60%; color:#666; font-weight:normal; }
    #info { background:#f6f6f6; }
    #info ul { margin: 0.5em 4em; }
    #info p, #summary p { padding-top:10px; }
    #summary { background: #ffc; }
    #explanation { background:#eee; border-bottom: 0px none; }
  </style>
</head>
<body>
<div id="summary">
  <h1>Forbidden <span>(403)</span></h1>
  <p>CSRF verification failed. Request aborted.</p>

</div>

<div id="explanation">
  <p><small>More information is available with DEBUG=True.</small></p>
</div>

</body>
</html>