0

A customer has requested to have the exact same endpoints available through web interface as well as through REST API.

The same endpoint should be visible using web browser only when being logged in. When accessing it via REST API, a valid access token must be submitted.

The rule for this specific endpoint is defined as follows:

[
    'class' => 'yii\rest\UrlRule',
    'controller' => 'site',
    'pluralize' => false,
    'extraPatterns' => [
        'POST upload-raw-data' => 'uploadRawData'
    ],
]

Now, when I try to access this endpoint, I've got these results:

  • Browser: no problem
  • Postman / POST: 404 error
  • Postman / GET: no problem

    • When trying the same with enableStrictParsing enabled, I've got 404 errors all around.

    If I need to provide other parts of the code, I'll happily provide them.

    kurt
    • 11
    • 5
    • please specify if you are using token. You can also take a look https://github.com/yiisoft/yii2/issues/8153 – Hitesh Jangid Sep 04 '17 at 07:35
    • Yes, I'm using a token. I haven't gotten to validating it yet, just to get the basics of getting some output when using browser or rest – kurt Sep 04 '17 at 07:51

    1 Answers1

    0

    I think I found the solution for my issue. The problem seems to have been the CSRF validation.

    By disabling it for this specific action in beforeAction(), the POST call behaves as intended.

    public function beforeAction($action) {
    if ($action->id == 'upload-raw-data')
        Yii::$app->controller->enableCsrfValidation = false;

    return parent::beforeAction($action);
}

    source: https://gist.github.com/guerreiro/9e9cb3154b9047f5d2a0

    kurt
    • 11
    • 5