From 3830c405a80e7581e778f2a7894e5fa5e2b5ec0d Mon Sep 17 00:00:00 2001 From: jfefe Date: Tue, 22 Nov 2016 23:41:46 +0100 Subject: [PATCH] =?UTF-8?q?Disable=20CSRF=20check=20for=20REST=C2=A0API?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This allow to do POST requests from another website. --- htdocs/api/index.php | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/htdocs/api/index.php b/htdocs/api/index.php index 660c90d3476..a390ecfa6e3 100644 --- a/htdocs/api/index.php +++ b/htdocs/api/index.php @@ -26,6 +26,7 @@ * */ if (! defined("NOLOGIN")) define("NOLOGIN",'1'); +if (! defined("NOCSRFCHECK")) define("NOCSRFCHECK",'1'); $res=0; if (! $res && file_exists("../main.inc.php")) $res=include '../main.inc.php'; @@ -121,9 +122,9 @@ foreach ($modulesdir as $dir) $classname = str_replace('Api_','',ucwords($reg[1])).'Api'; $classname = ucfirst($classname); require_once $dir_part.$file_searched; - if (class_exists($classname)) + if (class_exists($classname)) { - dol_syslog("Found API classname=".$classname); + dol_syslog("Found API classname=".$classname); $api->r->addAPIClass($classname,''); $listofapis[]=array('classname'=>$classname, 'fullpath'=>$file_searched); } @@ -142,7 +143,3 @@ foreach ($modulesdir as $dir) // Call API (we suppose we found it) $api->r->handle(); - - - -