CSRF blocked the API request

wurmlab / sequenceserver

Intuitive graphical web interface for running BLAST bioinformatics tool (i.e. have your own custom NCBI BLAST site!)

https://sequenceserver.com

GNU Affero General Public License v3.0

274 stars 114 forks source link

CSRF blocked the API request #809

Open wangqian0306 opened 1 month ago

wangqian0306 commented 1 month ago

Hi everyone, I found a fundamental question. The official documentation states that you can use the API to call SequenceServer. I also tried the recommended sequenceserver-remote-blast-python-api library, but I encountered CSRF interception.

I don't know about Ruby, but I asked GPT and saw that in code it seems that CSRF detection is permanently enabled. Can we make this a configuration item? Or is there another API to get CSRF Token?

tadast commented 1 month ago

You're right, this is a bug, sorry. We might need to make CSRF protection configurable as a temporary measure. While we're working on it, you should be able to comment out/delete the line you've linked to disable it.

yannickwurm commented 1 month ago

Hi @wangqian0306 - we'd be delighted for a pull request that makes this an optional setting

wangqian0306 commented 1 month ago

@yannickwurm Is this correct? https://github.com/wurmlab/sequenceserver/pull/810