Skip to content

Include example of http API call using the mattermost-redux client options #83

Description

@mickmister

Summary

With the MM server config setting ServiceSettings.ExperimentalStrictCSRFEnforcement enabled, any POST request that does not include the CSRF token supplied by the server will be rejected. In order to include the CSRF header supplied by the MM server, the webapp can use the getOptions method in the mattermost-redux client.

Tasks

  1. Update package.json to include the latest commit hash of mattermost-redux, similar to this method. Then run npm install in the webapp directory
  2. Create a server-side endpoint that requires the HTTP method to be POST
  3. Create a HTTP request in the webapp side of the plugin to hit this endpoint
    • Ensure Client.getOptions is used to create options for the request
    • An example can be found here

Testing

Enable ExperimentalStrictCSRFEnforcement in the MM server's config/config.json file, then restart the server if it is already running. With this value enabled, the API call will only succeed when including the CSRF token.

Metadata

Metadata

Assignees

No one assigned

    Labels

    HacktoberfestHelp WantedCommunity help wantedUp For GrabsReady for help from the community. Removed when someone volunteers

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions