fix 403 response when hitting the VA notify email endpoint for appoint #96311
Labels: accredited-representation-management-team (Accredited Representation Management team), frontend, mvp (Initial version of thing)
Slack convo for context:
Josh Fike
20 minutes ago
I'm working on testing the VA Notify email and I'm getting a 403 Forbidden response from the server. The controller for that endpoint looks like most of the other ones in the representation_management module with skip_before_action :authenticate present. The only difference I see in the Chrome inspector network tab is that the request before this one for PDF generation sends along a Cookie and an X-CSRF-Token. The request for the next steps email endpoint doesn't have either of those.
Does missing those two fields or maybe the Cookie specifically seem like a cause for the 403 Forbidden?
Is it straightforward to add those fields to the next steps email request?
Holden Hinkle
17 minutes ago
Yes, I think the X-CSRF-Token (and possibly the cookie) is the issue - it allows the API to sort of authenticate the request.
Josh Fike
16 minutes ago
I'm suspicious of the cookie because I'm not getting a CSRF error and I know those are usually specifically called out.