![]() ![]() I set it to the hostname of the IBM Connections server and voila: happy times! After enabling that in Postman I was able to change the Origin header of my requests. The header is one of the ‘restricted’ headers that is automatically added by the browser (Chrome) and can’t be easily changed. Luckily, the people at Postman also thought of that and created the “ Postman Interceptor“: a Chrome extension that sits as a sort of proxy between your Postman requests. ![]() So the only thing left (since I like testing with Postman), was to figure out how to change that Origin header. Using a curl command I could easily bypass the header and confirm that it was indeed the cause of my problem. That’s by design and has something to do with cross-site request forgery. Turns out that IBM Connections doesn’t really like that. Origin: chrome-extension://fhbjgbiflinjbdggehcddcbncdddomop So by enabling the Chrome Developer tools for Postman, I was able to look at the exact HTTP request that Postman sends. And I found the Origin header that was already mentioned in the StackOverflow post: So, apparently there’s something fishy going on with Postman. My first thought was that it must be some strange access control setting hidden away deep in a config file (“don’t allow users to create stuff using the API”), but then I found someone with a similar issue on StackOverflow. The funny thing was that using the same credentials, I could create items using the web interface just fine. You are not authorized to perform the requested action. All GET and PUT requests came through fine, but I wasn’t able to create anything using a POST request to the API: every request I made returned a 403 error: While running the tests in Postman I ran into a big issue. My preferred application for that is Postman. The Connections API is pretty complex, so I normally run some ‘manual’ tests first based on the documentation, and then use those result to write the code to call the API. More specifically: I wanted to show and create activities based on some user input. I was doing some work with an Angular application talking to the IBM Connections API. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |