I'm trying to do a simple test with ripcord and php to login and get info of my installation of odoo 9.0 with the following script
$url = "http://localhost.8069";
$db = "odoo9";
$username = "admin";
$password = "mypassword";
$info = ripcord::client('http://127.0.0.1:8069')->start();
list($url, $db, $username, $password) = array($info['host'], $info['database'], $info['user'], $info['password']);
But when I open the php file on the browser i get this message on the console of Eclipse
Odoo URLs are CSRF-protected by default (when accessed with unsafeHTTP methods). Seehttps://www.odoo.com/documentation/9.0/reference/http.html#csrf formore details.
* if this endpoint is accessed through Odoo via py-QWeb form, embed a CSRF token in the form, Tokens are available via `request.csrf_token()` can be provided through a hidden input and must be POST-ed named `csrf_token` e.g. in your form add:
<input type="hidden" name="csrf_token" t-att-value="request.csrf_token()"/>
* if the form is accessed by an external third party (e.g. REST API endpoint, payment gateway callback) you will need to disable CSRF protection (and implement your own protection if necessary) by passing the `csrf=False` parameter to the `route` decorator.
2017-03-01 15:17:40,142 7776 INFO ? werkzeug: 127.0.0.1 - - [01/Mar/2017 15:17:40] "POST / HTTP/1.0" 400 -
2017-03-01 15:17:40,286 7776 WARNING ? openerp.http: No CSRF validation token provided for path '/'
Reading the documentation mentioned in the message (https://www.odoo.com/documentation/9.0/reference/http.html#csrf) seems i have to create a controller to handle the connections from a "third party" code, here's my question:
How and where I have to create that web controller to deactivate the csrf protection ? If you can help me with some examples or links with more info I'll be grateful.