Ad

Axios Delete Method Gives 403

I am calling delete method from my node-js application.

Its working fine from Postman but giving me 403 while calling this API from code.

Below is my sample code snippet:

const instance = axios.create();
instance.interceptors.request.use((config) => {
    config.baseURL = 'https://test-dev.com/api/portfolio'
    config.headers = { 'Authorization' : 'Bearer ' + <TOKEN>}
    return config;
});
instance.delete('/admin?users=<VALUE>').then(function(response) {
    console.log("Deleted: "+<VALUE>);
}).catch(function (error) {
    console.log("Deletion failed with error:" + error);
});

EDIT:

Response (Coming from spring security APP):

Could not verify the provided CSRF token because your session was not found

I thought this is already handled by axios.

How can i pass this value in headers while calling delete method?

Any help?

Ad

Answer

You could either:

1 - Use the withCredentials property:

withCredentials: true

so:

axios.delete({
    url: 'https://test-dev.com/api/portfolio/admin?users=' + <VALUE>,
    headers: { 'Authorization' : 'Bearer ' + <TOKEN>},
    withCredentials: true
}).then(function(response) {
    console.log("Deleted: "+<VALUE>);
}).catch(function (error) {
    console.log("Deletion failed with error:" + error);
});

The XMLHttpRequest.withCredentials property is a Boolean that indicates whether or not cross-site Access-Control requests should be made using credentials such as cookies, authorization headers or TLS client certificates. Setting withCredentials has no effect on same-site requests.

2 - Set CSRF headers

Either:

headers: {'X-Requested-With': 'XMLHttpRequest',
'X-CSRF-TOKEN' : document.querySelector('meta[name="csrf-token"]').getAttribute('content')}

or

headers: {'X-Requested-With': 'XMLHttpRequest',
         'X-CSRFToken': 'your token here'}

or just:

headers: {'X-Requested-With': 'XMLHttpRequest'}

3 - Disable at own risk and if possible

Have a look at this article

Ad
source: stackoverflow.com
Ad