problem with curl http://192.168.0.4:8083/fhem?cmd.PorteSms=attr%20PorteSms%20di

Started by bend94, 28 March 2017, 20:59:18


bend94

Hi

I was using this command through curl to enable or disable an attribute

enable:

curl "http://192.168.0.4:8083/fhem?cmd.PorteSms=attr%20PorteSms%20disable%200"

disable:

curl "http://192.168.0.4:8083/fhem?cmd.PorteSms=attr%20PorteSms%20disable%201"


I did an upgrade of fhem and reboot

now it doesn't work anymore
Please advise

regards

MadMax-FHEM

Now fhem uses a random token, csrfToken, in order to be safe against cross site resource forgery:

https://forum.fhem.de/index.php/topic,67419.0.html

Sorry, it is in German, but here is a short description in the commandref:

https://fhem.de/commandref.html#FHEMWEB

Regards, Joachim
FHEM PI3B+ Bullseye: HM-CFG-USB, 40x HM, ZWave-USB, 13x ZWave, EnOcean-PI, 15x EnOcean, HUE/deCONZ, CO2, ESP-Multisensor, Shelly, alexa-fhem, ...
FHEM PI2 Buster: HM-CFG-USB, 25x HM, ZWave-USB, 4x ZWave, EnOcean-PI, 3x EnOcean, Shelly, ha-bridge, ...
FHEM PI3 Buster (Test)

roedert


MadMax-FHEM

Quote from: roedert on 28 March 2017, 22:48:05
attr <FHEMWEB-device> csrfToken none

That was NOT the intention of "inventing" that token!

Doing so is UNSAFE!!

Everyone is responsible for his own installation...
...and so can do whatever he wants...
...I just wanted to mention that!

Regards, Joachim

rudolfkoenig

Quote: now it doesn't work anymore
Please advise
If you take a look into your FHEM Log, you'll see a message like
FHEMWEB WEB CSRF error:  ne csrf_500476365397455. For detals see the csrfToken FHEMWEB attribute


If you follow the instruction, and check https://fhem.de/commandref.html#csrfToken, you get a short explanation:
Quote: If set, FHEMWEB requires the value of this attribute as fwcsrf Parameter for each command. It is used as countermeasure for Cross Site Resource Forgery attacks. If the value is random, then a random number will be generated on each FHEMWEB start. If it is set to the literal string none, no token is expected. Default is random for featurelevel 5.8 and greater, and none for featurelevel below 5.8
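
Added example, not part of the thread or of FHEM's own code: a shell sketch that keeps csrfToken enabled and sends the attr command from the first post with the fwcsrf parameter the commandref describes. It assumes FHEMWEB announces the current token in the X-FHEM-csrfToken response header and that no HTTP authentication is configured; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not FHEM project code). Host, port and device name
# are the ones used in the thread; override FHEM_URL as needed.
FHEM_URL="${FHEM_URL:-http://192.168.0.4:8083/fhem}"

# Read a raw HTTP header dump on stdin and print the CSRF token.
# Assumption: the token is sent in the X-FHEM-csrfToken header.
# Header names are case-insensitive and lines end in CRLF.
csrf_from_headers() {
  tr -d '\r' |
    awk -F': *' 'tolower($1) == "x-fhem-csrftoken" { print $2; exit }'
}

# Fetch the current token. With "csrfToken random" it changes on
# every FHEMWEB start, so it is read per call, never hard-coded.
fhem_token() {
  curl -s -o /dev/null -D - "$FHEM_URL?XHR=1" | csrf_from_headers
}

# Send one command for a device, e.g.
#   fhem_cmd PorteSms "attr PorteSms disable 1"
# curl -G with --data-urlencode builds the query string and
# percent-encodes the command, so no manual %20 is needed.
fhem_cmd() {
  dev="$1"
  cmd="$2"
  token=$(fhem_token)
  if [ -z "$token" ]; then
    echo "no X-FHEM-csrfToken header from $FHEM_URL" >&2
    return 1
  fi
  curl -s -G "$FHEM_URL" \
    --data-urlencode "cmd.$dev=$cmd" \
    --data-urlencode "fwcsrf=$token"
}
```

If the token is rejected, the FHEM log shows the "CSRF error" line quoted above.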