# Generate a CSRF token

# Send a request with a CSRF token # NOTE: unless REST Client is configured to save cookies, set # the CSRF token and cookie received from the get request.

POST http://localhost:3000/ Content-Type: application/json X-CSRF-Token: 7SKFAcMp-kkCJzvx2lj9bh_xp99nVCFvduco Cookie: connect.sid=s%3A8pxvBDllmDdhlF7sBgyfnsb0g44Ia5eu.xrQ8E%2F2HUzpBXIFH1NoVUzWyxeQS%2FA82gW9aP9Nz8%2F8; Path=/; HttpOnly

{: "message": "Hello World!"

}

# Generate a CSRF token on successful login

POST http://localhost:3000/login Content-Type: application/json

{: "access": true

}

# Don't generate a CSRF token on successful login

POST http://localhost:3000/login Content-Type: application/json

{: "access": false

}

# Send a request without a CSRF token # This should fail with a 400 Bad Request

POST http://localhost:3000/ Content-Type: application/json

{: "message": "Goodbye World!"

}

# Get a message without a CSRF token

GET http://localhost:3000/de

# Send a successful post request without a CSRF token

POST http://localhost:3000/de Content-Type: application/json

{: "message": "Auf Weidersehen!"

}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

app.rest

app.rest

Files

app.rest

Latest commit

History

app.rest

File metadata and controls