@@ -170,7 +170,8 @@ with a REST API supporting JSON encoding::
170170 ... exit(1)
171171 >>> print (r.json() ['data']['data']
172172 TEST Title
173- >>> r = s.post (u + 'issue', data = dict (title = 'TEST Issue'))
173+ >>> h = {'X-Requested-With': 'rest', 'Referer': 'http://tracker.example.com/demo/'}
174+ >>> r = s.post (u + 'issue', data = dict (title = 'TEST Issue'), headers=h)
174175 >>> if not 200 <= r.status_code <= 201:
175176 ... print("Failed: %s: %s" % (r.status_code, r.reason))
176177 ... exit(1)
@@ -184,14 +185,19 @@ Retire/Restore::
184185 >>> print("ETag: %s" % etag)
185186 >>> etag = r.json()['data']['@etag']
186187 >>> print("@etag: %s" % etag)
187- >>> h = {'If-Match': etag}
188+ >>> h = {'If-Match': etag, 'X-Requested-With': 'rest', 'Referer': 'http://tracker.example.com/demo/' }
188189 >>> d = {'@op:'action', '@action_name':'retire'}
189190 >>> r = s.patch(u + 'issue/42', data = d, headers = h)
190191 >>> print(r.json())
191192 >>> d = {'@op:'action', '@action_name':'restore'}
192193 >>> r = s.patch(u + 'issue/42', data = d, headers = h)
193194 >>> print(r.json())
194195
196+ Note the addition of headers for: x-requested-with and referer. This
197+ allows the request to pass the CSRF protection mechanism. You may need
198+ to add Origin if this check is enabled in your tracker's config.ini.
199+
200+
195201Adding new rest endpoints
196202=========================
197203
0 commit comments