Csrf Token

lcda1 · August 27, 2021, 10:04am

Hi everyone,

I am trying to get and set the “_csrf token” but still haven’t found a solution for it.
Does anyone have experience with this topic?
My first HTTP request seems to works but the second one says “invalid csrf token”
I even tried using with and without authentication (basic auth) but the result is the same.

My steps are:

HTTP Request 1 : “GET request method” + “URL” that contains /init in the end.

image1536×699 33.6 KB

image1532×688 30.1 KB
HTTP Request 2: “POST request method” + URL that contains /signin in the end.

image1535×410 39.7 KB

Thank you advance for your help and/or suggestions.

Sincerely,

Lara

harshil1712 · August 27, 2021, 10:13am

Hey @lcda1!

Do you receive the CSRF Token in the output of the first HTTP Request node? You should set the Full Response additional option to true to get the Headers as well.

lcda1 · August 27, 2021, 10:21am

Hi @harshil1712 ,

Thank you for replying.

This is the result from the first HTTP request:

I do receive the information from the csrf token but maybe it is not the expected one?

harshil1712 · August 27, 2021, 11:12am

Hey @lcda1,

It looks like you’re not referencing the value correctly in the second HTTP Request node. In the Name field, you should enter the header name eg. _csrf. In the Value field, you should get this data from the previous field via Expression.

But before doing that, you will have to transform the set-cookie array into an array of object. Currently, the array elements contain both the Key and the Value. Hence, referencing them will be an issue. Alternatively, if you’re confident about the position of the _csrf element in the array, you can refer to it via its position.

lcda1 · August 27, 2021, 11:37am

Hi @harshil1712,

Amazing! Yes I got the issue and will try to split the information from the set-cookie.
Thank you very much.

Best regards,

Lara