Custom plugin API call with csrf token

K

krazzer

New member
Joined
Jun 5, 2020
Messages
3
On my server there is a PHP selector, I'd like to use the API to set the PHP version and set the extensions.

This is an example request:

Code: 
POST /CMD_PLUGINS/phpselector/index.raw HTTP/1.1
Content-Type: application/x-www-form-urlencoded;charset=UTF-8
Accept: application/json, text/plain, */*
Host: someserver.com:2222
Cookie: csrftoken=15657c52ae599e23106065d697e8e40e; session=LgwMkGuoutybDPm23q3Mtx87t3O5hvq0ZkNKzH8t84SMUFMV3PpuNx1GyNKfIAgs
X-CSRFToken: 15657c52ae599e23106065d697e8e40e

MIME-type: application/x-www-form-urlencoded;charset=UTF-8
command: cloudlinux-selector
method: set
params[extensions]: {"apcu":"enabled","dom":"enabled","fileinfo":"enabled","gd":"enabled","imagick":"enabled","imap":"enabled","json":"enabled","mbstring":"enabled","mysqlnd":"enabled","nd_mysqli":"enabled","nd_pdo_mysql":"enabled","oauth":"enabled","opcache":"enabled","pdo":"enabled","pdo_dblib":"enabled","pdo_sqlite":"enabled","phalcon3":"enabled","phar":"enabled","posix":"enabled","redis":"enabled","soap":"enabled","sockets":"enabled","uploadprogress":"enabled","xmlreader":"enabled","xmlrpc":"enabled","xmlwriter":"enabled","xsl":"enabled","zip":"enabled"}
params[version]: 7.2
params[interpreter]: php
csrftoken: 15657c52ae599e23106065d697e8e40e

When doing the request without a token, or some random token, I get this response (which I understand)
{"logoutSignal":true,"result":"BAD FORGERY PROTECTION TOKEN"}

The problem is when using the API, I don't know the csrftoken, and I don't know how to retrieve it. When I do the request manually in the browser I can see a cookie containing the token, but I don't know I can get it with using the API.
 
Already figured it out. It turns out calling CMD_PLUGINS/phpselector/index.raw?a=cookie set the cookie, which I could retrieve and use.
 
You must log in or register to reply here.
Back
Top