https://live.paloaltonetworks.com/t5/automation-api-discussions/bad-csrf-token-when-attempting-to-whitelist-hashes-from-api/m-p/381759#M2538 <P>Hey everyone,</P><P>&nbsp;</P><P>We are trying to whitelist a bulk of hashes using the Cortex XDR API (because the UI isn't working, we have an open case with support). The request always return the same error:</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="YAlhazmi_1-1611398325577.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/29649i57B65D66886D4846/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="YAlhazmi_1-1611398325577.png" alt="YAlhazmi_1-1611398325577.png" /></span></P><P>&nbsp;</P><P><FONT face="courier new,courier">400 Bad CSRF Token</FONT></P><P><FONT face="courier new,courier">Access is denied. This server can not verify that your cross-site request forgery token belongs to your login session. Either you supplied the wrong cross-site request forgery token or your session no longer exists. This may be due to session timeout or because browser is not supplying the credentials required, as can happen when the browser has cookies turned off.</FONT></P><P><FONT face="courier new,courier">check_csrf_token(): Invalid token</FONT></P><P>&nbsp;</P><P>This error ONLY shows up when we attempt to whitelist hashes. We can retrieve incidents and alerts using the same code (and hence same API key and ID) without any problem. The image below shows that it has key should be able to update the allow list.</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="YAlhazmi_0-1611398274835.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/29648iB5B9F65B8859EEEB/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="YAlhazmi_0-1611398274835.png" alt="YAlhazmi_0-1611398274835.png" /></span></P><P>&nbsp;</P><P>The url: "<EM>https://api-{domain}/public_api/v1/hash_exceptions/allow_list/</EM>"</P><P>&nbsp;</P><P>Any ideas are appreciated!</P><P>&nbsp;</P><P>P.S. This is the error from the UI</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="YAlhazmi_0-1611398975491.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/29650iDF9D30FEF053EEF0/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="YAlhazmi_0-1611398975491.png" alt="YAlhazmi_0-1611398975491.png" /></span></P><P>&nbsp;</P> Sat, 23 Jan 2021 10:49:42 GMT YAlhazmi 2021-01-23T10:49:42Z https://live.paloaltonetworks.com/t5/automation-api-discussions/bad-csrf-token-when-attempting-to-whitelist-hashes-from-api/m-p/381759#M2538 <P>Hey everyone,</P><P>&nbsp;</P><P>We are trying to whitelist a bulk of hashes using the Cortex XDR API (because the UI isn't working, we have an open case with support). The request always return the same error:</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="YAlhazmi_1-1611398325577.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/29649i57B65D66886D4846/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="YAlhazmi_1-1611398325577.png" alt="YAlhazmi_1-1611398325577.png" /></span></P><P>&nbsp;</P><P><FONT face="courier new,courier">400 Bad CSRF Token</FONT></P><P><FONT face="courier new,courier">Access is denied. This server can not verify that your cross-site request forgery token belongs to your login session. Either you supplied the wrong cross-site request forgery token or your session no longer exists. This may be due to session timeout or because browser is not supplying the credentials required, as can happen when the browser has cookies turned off.</FONT></P><P><FONT face="courier new,courier">check_csrf_token(): Invalid token</FONT></P><P>&nbsp;</P><P>This error ONLY shows up when we attempt to whitelist hashes. We can retrieve incidents and alerts using the same code (and hence same API key and ID) without any problem. The image below shows that it has key should be able to update the allow list.</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="YAlhazmi_0-1611398274835.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/29648iB5B9F65B8859EEEB/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="YAlhazmi_0-1611398274835.png" alt="YAlhazmi_0-1611398274835.png" /></span></P><P>&nbsp;</P><P>The url: "<EM>https://api-{domain}/public_api/v1/hash_exceptions/allow_list/</EM>"</P><P>&nbsp;</P><P>Any ideas are appreciated!</P><P>&nbsp;</P><P>P.S. This is the error from the UI</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="YAlhazmi_0-1611398975491.png" style="width: 400px;"><img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/29650iDF9D30FEF053EEF0/image-size/medium/is-moderation-mode/true?v=v2&amp;px=400" role="button" title="YAlhazmi_0-1611398975491.png" alt="YAlhazmi_0-1611398975491.png" /></span></P><P>&nbsp;</P> Sat, 23 Jan 2021 10:49:42 GMT https://live.paloaltonetworks.com/t5/automation-api-discussions/bad-csrf-token-when-attempting-to-whitelist-hashes-from-api/m-p/381759#M2538 YAlhazmi 2021-01-23T10:49:42Z https://live.paloaltonetworks.com/t5/automation-api-discussions/bad-csrf-token-when-attempting-to-whitelist-hashes-from-api/m-p/387602#M2562 <P>I see the same behaviour</P> Wed, 24 Feb 2021 16:21:09 GMT https://live.paloaltonetworks.com/t5/automation-api-discussions/bad-csrf-token-when-attempting-to-whitelist-hashes-from-api/m-p/387602#M2562 kreeves 2021-02-24T16:21:09Z https://live.paloaltonetworks.com/t5/automation-api-discussions/bad-csrf-token-when-attempting-to-whitelist-hashes-from-api/m-p/388166#M2567 <P>This is a documentation problem.&nbsp; The correct path is&nbsp;</P><P>&nbsp;</P><P><SPAN>/public_api/v1/hash_exceptions/allowlist/</SPAN></P><P>&nbsp;</P><P><SPAN>NOT</SPAN></P><P>&nbsp;</P><P><SPAN>/public_api/v1/hash_exceptions/allow_list/</SPAN></P> Fri, 26 Feb 2021 19:44:51 GMT https://live.paloaltonetworks.com/t5/automation-api-discussions/bad-csrf-token-when-attempting-to-whitelist-hashes-from-api/m-p/388166#M2567 kreeves 2021-02-26T19:44:51Z