cancel
Showing results for 
Search instead for 
Did you mean: 

Magento Web Service Connexion throught SSL under Talend 4.0.2 Version

Magento Web Service Connexion throught SSL under Talend 4.0.2 Version

Hello Community Smiley Happy
I try to make connexion to Magento Web service from a Java code
The Magento API  used for connexion is  Magento.Mage_Api_Model_Server_V2_HandlerBindingStub
The  version of Magento is running over SSL  
When trying to connect , i have this security exception :

 

 CSRF verification failed. Request aborted.
You are seeing this message because this HTTPS site requires a 'Referer header' to be sent by your Web browser, but none was sent. This header is required for security reasons, to ensure that your browser is not being hijacked by third parties.
If you have configured your browser to disable 'Referer' headers, please re-enable them, at least for this site, or for HTTPS connections, or for 'same-origin' requests.

(403) FORBIDDEN  
 at org.apache.axis.transport.http.HTTPSender.readFromSocket(HTTPSender.java:744)
   at org.apache.axis.transport.http.HTTPSender.invoke(HTTPSender.java:144)
   at org.apache.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:32)
   at org.apache.axis.SimpleChain.doVisiting(SimpleChain.java:118)
   at org.apache.axis.SimpleChain.invoke(SimpleChain.java:83)
   at org.apache.axis.client.AxisClient.invoke(AxisClient.java:165)
   at org.apache.axis.client.Call.invokeEngine(Call.java:2784)
   at org.apache.axis.client.Call.invoke(Call.java:2767)
   at org.apache.axis.client.Call.invoke(Call.java:2443)
   at org.apache.axis.client.Call.invoke(Call.java:2366)
   at org.apache.axis.client.Call.invoke(Call.java:1812)
   at Magento.Mage_Api_Model_Server_V2_HandlerBindingStub.login(Mage_Api_Model_Server_V2_HandlerBindingStub.java:2143)

 

Any idea please of the cause or of an alternative  API ?

With Thinks

3 REPLIES 3

Re: Magento Web Service Connexion throught SSL under Talend 4.0.2 Version

According to the error message, you should only add HTTP_REFERER field into the header of the request, and then you'll satisfy Magento's protection against CSRF (Cross Site Request Forgery).

If this response was helpful to you, consider giving kudos to this post.
If this response solved your problem, click accept as solution to help others solve this issue

Re: Magento Web Service Connexion throught SSL under Talend 4.0.2 Version

Think you for your reply
Effectively I added HTTP_REFERER, Then i have a new exception

 

CSRF verification failed Request canceled, You see This message because this page requires a CSRF cookie when processing form data. This cookie is necessary for security reasons to ensure that your web browser is not abused by third parties.

 

Re: Magento Web Service Connexion throught SSL under Talend 4.0.2 Version

You're missing CSRF cookie, it could be "csrftoken", depends. Still, it looks like you're doing something wrong, you should not experience those stuff during communication with Magento API. What is exactly API endpoint you're using, and what API call you're trying to make? I need more information about your implementation.

If this response was helpful to you, consider giving kudos to this post.
If this response solved your problem, click accept as solution to help others solve this issue