API call - Failed to load resource: net::ERR_NAME_NOT_RESOLVED

julian

Hi @eeeee, the URL of your hosted instance is aignite.nodebb.com, the .org tld is reserved for our own sites

eeeee

@julian Thanks, well spotted! I copied and pasted too far.

Well thats got me a step further, now API returns but with this
error
Unexpected token 'F', "Forbidden" is not valid JSON

julian

Right. POST requests are CSRF protected. Pass in the token in the headers object:

{
  ...
  'x-csrf-token': config.csrf_token,
  ...
}

eeeee

@julian said in API call - Failed to load resource: net::ERR_NAME_NOT_RESOLVED:

'x-csrf-token': config.csrf_token,

It worked!

Just so I can understand, it seems the custom JS area has access to the value of config.csrf_token,
If it was external code, how could I get that config.csrf_token value?

julian

@eeeee hmm, that gets me thinking that you shouldn't need the csrf token if you are passing in a Bearer token. It's supposed to not require it.

I wonder why you're seeing that requirement...

julian

I think I might know why though. Can you do me a favour and update the code to add credentials: 'omit' to options, and then comment out the line adding the csrf token?

I think what is happening is that when fetch() sends the request, it also sends the session cookie. NodeBB checks the session cookie, finds an active session, and uses that user, and ignores the bearer token.

eeeee

I tried that change,
so commented the csrf token line out and put in same place
credentials: 'omit',
Then it gave the
'F' not valid JSON .... error
again

Is headers right place for credentials?

julian

Ah, no, you'll want to put it in options. So, just outside of headers.

Edit: my mistake, in your code above, your variable was called option, singular. Add it to that object.

eeeee

@julian yes, thats fixed it!
Thanks

julian

@eeeee Cool! We both learned something new today.