Deleted
Deleted Member
Posts: 0
|
Post by Deleted on Jun 19, 2020 6:45:11 GMT
I'm trying to figure out the API (which is undocumented) to add and remove groups, and I have successfully done it from postman; however, I've run into the problem with proboard's cross-site request forgery (CSRF) id system. I have no idea how this id is generated and without it I can't send requests. Proboards has no real API and would really suck if I can't get around this. Wondering if anyone has a possible solution for this. When logging in or anything, no http request that is visible is sending this id, only the session id.
|
|
Wild1145
Club 4000 Member
Inactive Player & Inactive Senior Admin
Posts: 10,414
| Likes: 9,680
|
Post by Wild1145 on Jun 19, 2020 14:44:27 GMT
I'm fairly sure that's the point of CSRF Protection, to stop you doing probably exactly what you're doing.
I'd suggest unless you can use the plugin API to do what you're after (Which they seem to have) you might struggle to do a lot programmatically.
|
|
StevenNL2000
Forum Admin
Posts: 6,415
| Likes: 6,936
IGN: StevenNL2000
Timezone: UTC+01:00
Member is Staff. Need immediate assistance? Send a PM
|
Post by StevenNL2000 on Jun 19, 2020 20:13:35 GMT
I'd suggest unless you can use the plugin API to do what you're after (Which they seem to have) you might struggle to do a lot programmatically. The ProBoards plugin API is not what you think it is. You don't actually get to communicate with ProBoards' servers, it's literally just client-side JavaScript.
|
|
Wild1145
Club 4000 Member
Inactive Player & Inactive Senior Admin
Posts: 10,414
| Likes: 9,680
|
Post by Wild1145 on Jun 19, 2020 20:15:42 GMT
I'd suggest unless you can use the plugin API to do what you're after (Which they seem to have) you might struggle to do a lot programmatically. The ProBoards plugin API is not what you think it is. You don't actually get to communicate with ProBoards' servers, it's literally just client-side JavaScript. Yeah I did a bit of googling and it seemed that there was no good answer other than that. My assumption was there wasn't a lot that could be meaningfully done with it. As a separate thought for Seth, you might be able to do what you want to do with Selenium potentially, it's designed to basically run programatically and create a browser and then navigate to sites to run user acceptance testing, might do what you want to do here.
|
|
Deleted
Deleted Member
Posts: 0
|
Post by Deleted on Jun 19, 2020 20:40:35 GMT
The ProBoards plugin API is not what you think it is. You don't actually get to communicate with ProBoards' servers, it's literally just client-side JavaScript. Yeah I did a bit of googling and it seemed that there was no good answer other than that. My assumption was there wasn't a lot that could be meaningfully done with it. As a separate thought for Seth, you might be able to do what you want to do with Selenium potentially, it's designed to basically run programatically and create a browser and then navigate to sites to run user acceptance testing, might do what you want to do here. If my theory is correct if I grab the session id and CSRF token and don't "logout" of the account the token and session id won't rotate. I'm testing it with TotalFreedom right now.
|
|