thunder-client-support
Fetch x-csrf-token header support
Is your feature request related to a problem? Please describe.
Environment: v1.18.7
Using an HTTP GET request with a header x-csrf-token with a value of "Fetch" is expected to fetch a CSRF token from the server. Right now, it does not throw any error or warning. Simply, the response payload contains an x-csrf-token header but with an empty value.
Describe the solution you'd like
Please support retrieving a CSRF token from a web server using the GET method via the x-csrf-token header.
Describe alternatives you've considered
Tested using Postman, and the CSRF token was retrieved and included in the response payload instead of an empty csrf key.
Implementation: None yet.
Hi @bensonrlee
Is it not your server issue?
What is the extension supposed to do?
Can you provide any sample API for me to test and understand the problem?
Hello @rangav ,
Had it been a server issue, I would expect the problem to show on all clients like Postman and other clients. So far, I tested in 3 clients, and the other 2 behaved as expected. Thunder Client is the only one that exhibited the problem.
I'd love to provide you a sample API to use but it is behind a firewall so you'd probably have some difficulty accessing it.
Is there any debug utility or anything that I can use instead that may potentially help in troubleshooting?
We have a VS Code setting, Request Log. Change the option to Advanced, then you can see request details in the output window; it will be useful to debug the request.
@bensonrlee Did you decode the XSRF-TOKEN value from URL to string before using it in the request?
I confirmed...
The value of the xsrf-token in Thunder Client is URL encoded (in the Cookies tab of the response to the /sanctum/csrf-cookie request). When saving it to the environment (or setting it in the X-XSRF-TOKEN header), it must be decoded to a string before use.
See my comment in a similar issue: https://github.com/rangav/thunder-client-support/issues/629#issuecomment-1246288807
I am closing this issue; feel free to reopen if needed.
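The decoding step described in the thread, as an added example that is not part of the original issue or of Thunder Client's code: it pulls the XSRF-TOKEN cookie out of Set-Cookie lines and URL-decodes it before placing it in the X-XSRF-TOKEN header. The function names and the sample cookie values are assumptions constructed for illustration.

```javascript
// Added example (not from the thread): extract the XSRF-TOKEN cookie from
// Set-Cookie response headers and URL-decode it for the X-XSRF-TOKEN header.

// Constructed sample: Set-Cookie lines such as a /sanctum/csrf-cookie
// response might carry. The values are made up, not real tokens.
const sampleSetCookie = [
  'XSRF-TOKEN=eyJpdiI6ImFiYyIsInZhbHVlIjoiZGVmIn0%3D; Max-Age=7200; path=/; samesite=lax',
  'app_session=c2Vzc2lvbg%3D%3D; path=/; httponly; samesite=lax',
];

// Return the raw (still percent-encoded) value of a named cookie, or null.
function rawCookieValue(setCookieLines, name) {
  for (const line of setCookieLines) {
    const pair = line.split(';', 1)[0];   // "name=value" precedes the attributes
    const eq = pair.indexOf('=');
    if (eq === -1) continue;              // not a name=value pair, skip it
    if (pair.slice(0, eq).trim() === name) return pair.slice(eq + 1).trim();
  }
  return null;
}

// Build the header to send with the next state-changing request.
function xsrfHeaderFrom(setCookieLines, cookieName = 'XSRF-TOKEN') {
  const raw = rawCookieValue(setCookieLines, cookieName);
  if (raw === null || raw === '') {
    // An empty token is the symptom reported in the issue: fail loudly
    // instead of sending a blank header the server will reject.
    throw new Error(`cookie ${cookieName} missing or empty in response`);
  }
  let decoded;
  try {
    decoded = decodeURIComponent(raw);    // e.g. a trailing "%3D" becomes "="
  } catch (e) {
    throw new Error(`cookie ${cookieName} is not valid percent-encoding`);
  }
  return { 'X-XSRF-TOKEN': decoded };
}
```

Sending the raw cookie value leaves `%3D` in place of the trailing `=`, so the header no longer matches what the server issued and the request fails CSRF validation.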