Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Include example of http API call using the mattermost-redux client options #83

Open
mickmister opened this issue Feb 4, 2020 · 3 comments
Labels
Hacktoberfest Help Wanted Community help wanted Up For Grabs Ready for help from the community. Removed when someone volunteers

Comments

@mickmister
Copy link
Contributor

mickmister commented Feb 4, 2020

Summary

With the MM server config setting ServiceSettings.ExperimentalStrictCSRFEnforcement enabled, any POST request that does not include the CSRF token supplied by the server will be rejected. In order to include the CSRF header supplied by the MM server, the webapp can use the getOptions method in the mattermost-redux client.

Tasks

  1. Update package.json to include the latest commit hash of mattermost-redux, similar to this method. Then run npm install in the webapp directory
  2. Create a server-side endpoint that requires the HTTP method to be POST
  3. Create a HTTP request in the webapp side of the plugin to hit this endpoint
    • Ensure Client.getOptions is used to create options for the request
    • An example can be found here

Testing

Enable ExperimentalStrictCSRFEnforcement in the MM server's config/config.json file, then restart the server if it is already running. With this value enabled, the API call will only succeed when including the CSRF token.

@mickmister mickmister added Help Wanted Community help wanted Up For Grabs Ready for help from the community. Removed when someone volunteers labels Feb 4, 2020
@hanzei
Copy link
Contributor

hanzei commented Feb 5, 2020

@mickmister I'm wondering if 2. and 3. should better take place in https://github.com/mattermost/mattermost-plugin-demo. I would like to keep the repo as minimal as possible given that it's often cloned. Let me know what you think.

@mickmister
Copy link
Contributor Author

mickmister commented Feb 5, 2020

@hanzei Makes sense to me. I just don't want someone to start developing a plugin that requires a webapp side, and then releasing a build that doesn't work with the CSRF settings on the server. Maybe we instead point to the demo plugin example in this repo's README?

@hanzei
Copy link
Contributor

hanzei commented Feb 5, 2020

Maybe even add a section to https://developers.mattermost.com/extend/plugins/webapp/best-practices/

@hanzei hanzei changed the title Help Wanted: Include example of http API call using the mattermost-redux client options Include example of http API call using the mattermost-redux client options Feb 28, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Hacktoberfest Help Wanted Community help wanted Up For Grabs Ready for help from the community. Removed when someone volunteers
Projects
None yet
Development

No branches or pull requests

4 participants