FHEM Forum

FHEM => Automatisierung => Topic started by: bend94 on 28 March 2017, 20:59:18

Title: problem with curl http://192.168.0.4:8083/fhem?cmd.PorteSms=attr%20PorteSms%20di
Post by: bend94 on 28 March 2017, 20:59:18
Hi

I was using this command through curl to enable or disable attribute

enable:

curl "http://192.168.0.4:8083/fhem?cmd.PorteSms=attr%20PorteSms%20disable%200"

disable:

curl "http://192.168.0.4:8083/fhem?cmd.PorteSms=attr%20PorteSms%20disable%201"


I did an upgrade of fhem and reboot

now it doesn't work anymore
Please advise

regards
Title: Re: problem with curl http://192.168.0.4:8083/fhem?cmd.PorteSms=attr%20PorteSms%20di
Post by: MadMax-FHEM on 28 March 2017, 21:10:11
Now fhem uses a random token csrfToken in order to be safe against cross site resource forgery:

https://forum.fhem.de/index.php/topic,67419.0.html

Sorry, it is in German, but here is a short description in the commandref:

https://fhem.de/commandref.html#FHEMWEB

Regards, Joachim
Title: Re: problem with curl http://192.168.0.4:8083/fhem?cmd.PorteSms=attr%20PorteSms%20di
Post by: roedert on 28 March 2017, 22:48:05
attr <FHEMWEB-device> csrfToken none
Title: Re: problem with curl http://192.168.0.4:8083/fhem?cmd.PorteSms=attr%20PorteSms%20di
Post by: MadMax-FHEM on 28 March 2017, 22:56:38
Quote from: roedert on 28 March 2017, 22:48:05
attr <FHEMWEB-device> csrfToken none

That was NOT the intention of "inventing" that token!

Doing so is UNSAFE!!

Everyone is responsible for his own installation...
...and so can do whatever he wants...
...I just wanted to mention that!

Regards, Joachim
Title: Re: problem with curl http://192.168.0.4:8083/fhem?cmd.PorteSms=attr%20PorteSms%20di
Post by: rudolfkoenig on 29 March 2017, 09:09:41
Quote:
now it doesn't work anymore
Please advise

If you take a look into your FHEM Log, you'll see a message like
FHEMWEB WEB CSRF error:  ne csrf_500476365397455. For detals see the csrfToken FHEMWEB attribute


If you follow the instruction, and check https://fhem.de/commandref.html#csrfToken, you get a short explanation:
Quote: If set, FHEMWEB requires the value of this attribute as fwcsrf Parameter for each command. It is used as countermeasure for Cross Site Resource Forgery attacks. If the value is random, then a random number will be generated on each FHEMWEB start. If it is set to the literal string none, no token is expected. Default is random for featurelevel 5.8 and greater, and none for featurelevel below 5.8
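
Added example, not part of the original thread: one way to keep csrfToken enabled and still script commands with curl, by reading the current token and sending it as the fwcsrf parameter. It assumes FHEMWEB returns the token in the X-FHEM-csrfToken response header and accepts the command in a plain cmd parameter; the function names and the sample headers are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): send the CSRF token instead of disabling it.
# Assumption: FHEMWEB returns its current token in the X-FHEM-csrfToken header.
FHEM_URL="${FHEM_URL:-http://192.168.0.4:8083/fhem}"

# Constructed sample response headers, for offline testing only.
sample_headers() {
    printf 'HTTP/1.1 200 OK\r\nX-FHEM-csrfToken: csrf_123456789012345\r\nContent-Type: text/plain\r\n\r\n'
}

# Read HTTP response headers on stdin; print the token, or nothing if absent.
extract_csrf_token() {
    tr -d '\r' | awk 'tolower($1) == "x-fhem-csrftoken:" { print $2; exit }'
}

# Percent-encode an ASCII string for use as a query-string value.
urlencode() {
    s=$1
    out=
    while [ -n "$s" ]; do
        c=${s%"${s#?}"}   # first character
        s=${s#?}          # remainder
        case $c in
            [A-Za-z0-9._~-]) out=$out$c ;;
            *) out=$out$(printf '%%%02X' "'$c") ;;
        esac
    done
    printf '%s' "$out"
}

# Build the request URL: command in cmd, token in fwcsrf.
build_cmd_url() {
    printf '%s?cmd=%s&fwcsrf=%s' "$FHEM_URL" "$(urlencode "$1")" "$(urlencode "$2")"
}

# Fetch the token on every call (a random token changes on each FHEMWEB start),
# then run the command with it.
fhem_cmd() {
    token=$(curl -s -D - -o /dev/null "$FHEM_URL?XHR=1" | extract_csrf_token)
    if [ -z "$token" ]; then
        echo "no X-FHEM-csrfToken header in response" >&2
        return 1
    fi
    curl -s "$(build_cmd_url "$1" "$token")"
}
```

Call it as `fhem_cmd 'attr PorteSms disable 0'`; the token is looked up per call, so the script keeps working after a FHEM restart.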