Closed chris03 closed 4 years ago
Hi, @chris03! Thank you for reporting it. I've created the bug in our YouTrack. We'll try to fix it ASAP. Please, watch\vote it to get all future updates.
For others hitting this page, here is an example powershell call to queue a build using the new CORS header:
$bearerToken = "Your Team City API Token Here"
$csrfToken = (Invoke-WebRequest https://TeamCityServerHere/authenticationTest.html?csrf -Headers @{"Authorization" = "Bearer $bearerToken"}).Content
Invoke-WebRequest https://TeamCityServerHere/action.html?add2Queue=Your_Build_Id_Here -Method POST -Headers @{"Authorization" = "Bearer $bearerToken"; "X-TC-CSRF-Token" = "$csrfToken"}`
The first line is the API Token generated from the User's Profile page in Team City. The second line makes the call to get the CSRF header needed for that actual call you are going to make. The third line is the actual call you are making. It adds in the CSRF header.
I get the following error after a successful login:
My guess is that the new CSRF check since version 2020.01 prevents the POST request to pass. See: https://www.jetbrains.com/help/teamcity/upgrade-notes.html#UpgradeNotes-LimitationofCORSsupportforwritingoperations
The only way I can get it to work is to disable csrf security by settings these internal properties: