I am doing some testing and I run a self-managed cluster using the docker-compose-core.yaml. well, at the first time I can open the operate service swagger UI from browser and I can execute some api calls successfully in the browser page, but not the second try and the tries later.
It seems that I can use the swagger to “try the apis” if I open another tab and login with demo. However, using curl doesn’t work any more. It worked well with 8.3.4, but not with 8.5.1. I think it was related with the OPERATE-X-CSRF-TOKEN.
Simply put:
curl -c cookie.txt -X POST ‘http://{{myhost}}:8081/api/login?username=demo&password=demo’
$ curl -v -b cookie.txt -X POST ‘http://{{myhost}}:8081/v1/process-definitions/search’ -H ‘Content-Type: application/json’ -d ‘{}’
Note: Unnecessary use of -X or --request, POST is already inferred.
Connection #0 to host 10.70.21.95 left intact
{“timestamp”:“2024-05-27T07:07:47.220+00:00”,“status”:403,“error”:“Forbidden”,“message”:“Forbidden”,“path”:“/v1/process-definitions/search”}%