Starting with DX 7.2.3.1 we have introduced CSRF protection for all the tools requests. In this context if you are executing requests against the tools to automate some tasks you will need to update your scripts to retrieve the token and use it in your requests.
Let say this was your original request:
wget -q -O - http://localhost:8080/modules/tools/precompileServlet?compile_type=all&jsp_precompile=true \
--user=jahia --password=password
What is the way to do it using the token?
You will need to execute two requests, the first one will be to retrieve the token and the session ID cookie, the second one will be your original request tweaked with the data you retrieved.
Using the example above it will become something like:
TOKEN=\$(wget -q -Ohttp://localhost:8080/modules/tools/precompileServlet \
--user=jahia --password=password --keep-session-cookies \
--save-cookies=cookies.txt | sed -n -e 's/.*toolAccessToken=([^\"]*\).*/\1/p’ | head -1);
wget -q -O - http://localhost:8080/modules/tools/precompileServlet?compile_type=all&jsp_precompile=true&toolAccessToken\=\$TOKEN \
--load-cookies=cookies.txt
But there are two cases to handle:
sed
is the following:sed -n -e 's/.*toolAccessToken=([^\"]*\).*/\1/p’
sed -n -e 's/.*toolAccessToken\” value=\"\([^\"]*\).*/\1/p’
You can modify the expiration time (in minutes) of the token as well by adding to your "jahia.properties" file the following line (default value is 20) :
toolsTokenExpiration = 20