
[SOLVED] Unable to POST form data programmatically and spoof fields

7 years 2 months ago - 7 years 2 months ago #296738 by shashasha
Hi there! I'm trying to write an app that interacts with a site that uses Community Builder. I'm unable to POST any data to CB-managed forms via headless web clients or Postman; they come back with status 200 but an unauthorized error in the page source. POST through a normal web browser works fine.

I took a peek at the request data through a browser, and it looks like I'm missing the cbsecuritym3 token labelled as a spoof-check value. Including that would be difficult since it's rendered in JavaScript and these web clients only offer the initial HTML response.

I turned off spoof checking in Community Builder settings and confirmed "enableSpoofCheck":"0" in _comprofiler_plugin DB table, but that token is still being sent on every POST through the browser.

Is there another way to disable it? Or does disabling still send the value without requiring it, in which case does anyone have thoughts on why else programmatic POSTs might come back unauthorized when programmatic GETs and browser POSTs succeed?

Thanks so much for any thoughts you have on this!

[Note: Originally posted to wrong forum section but it looks like I can't delete/move it, admins please feel free to delete the original. Thank you!]
Last edit: 7 years 2 months ago by krileon. Reason: Added [SOLVED] tag to subject


7 years 2 months ago #296794 by krileon
You will not be able to POST form data outside of CB. Our spoof checking will prevent that. You need to create a Joomla extension or CB plugin with your needed and secured JSON endpoints. Do not alter the forms code creating a vulnerability in your install. You can use CB Auto Actions as JSON endpoints if you like by setting Triggers to None and just directly accessing the actions with a Code action to run whatever code you need.


Kyle (Krileon)
Community Builder Team Member

7 years 2 months ago #296814 by shashasha
Thanks for your help!
