Hello, I'm trying to do a simple test with ripcord and php to login and get info of my installation of odoo 9.0 with the following script [xmlrpc_test.php] start(); list($url, $db, $username, $password) = array($info['host'], $info['database'], $info['user'], $info['password']); ?> But when I open the

Odoo is the world's easiest all-in-one management software.
It includes hundreds of business apps:

ลูกค้าสัมพันธ์
e-Commerce
ระบบบัญชี
สินค้าคงคลัง
PoS
โปรเจกต์
MRP

All apps

All Posts คน เหรียญรางวัล

แท็ก (View all)

odoo accounting v14 pos v15

เกี่ยวกับฟอรั่มนี้

ช่วยเหลือ

Web service API with ripcord

php xmlrpc webservice CSRF

2 ตอบกลับ

14131 มุมมอง

Nicolás Mena

Hello,

I'm trying to do a simple test with ripcord and php to login and get info of my installation of odoo 9.0 with the following script

[xmlrpc_test.php]

<?php
$url = "http://localhost.8069";
$db = "odoo9";
$username = "admin";
$password = "mypassword";
require_once('include/ripcord/ripcord.php');
$info = ripcord::client('http://127.0.0.1:8069')->start();
list($url, $db, $username, $password) =  array($info['host'], $info['database'], $info['user'], $info['password']);
?>

But when I open the php file on the browser i get this message on the console of Eclipse

Odoo URLs are CSRF-protected by default (when accessed with unsafeHTTP methods). Seehttps://www.odoo.com/documentation/9.0/reference/http.html#csrf formore details.
* if this endpoint is accessed through Odoo via py-QWeb form, embed a CSRF token in the form, Tokens are available via `request.csrf_token()` can be provided through a hidden input and must be POST-ed named `csrf_token` e.g. in your form add:
<input type="hidden" name="csrf_token" t-att-value="request.csrf_token()"/>
* if the form is generated or posted in javascript, the token value is available as `csrf_token` on `web.core` and as the `csrf_token` value in the default js-qweb execution context
* if the form is accessed by an external third party (e.g. REST API endpoint, payment gateway callback) you will need to disable CSRF protection (and implement your own protection if necessary) by passing the `csrf=False` parameter to the `route` decorator.
2017-03-01 15:17:40,142 7776 INFO ? werkzeug: 127.0.0.1 - - [01/Mar/2017 15:17:40] "POST / HTTP/1.0" 400 -
2017-03-01 15:17:40,286 7776 WARNING ? openerp.http: No CSRF validation token provided for path '/'

Reading the documentation mentioned in the message (https://www.odoo.com/documentation/9.0/reference/http.html#csrf) seems i have to create a controller to handle the connections from a "third party" code, here's my question:

How and where I have to create that web controller to deactivate the csrf protection ? If you can help me with some examples or links with more info I'll be grateful.

Best regards

Nicolás Mena

ผู้เขียน คำตอบที่ดีที่สุด

Thanks Axel, I've tryed that correction but now i get a 404 error in the console, that works in the same way for odoo.com instances and a standalone installation?

I've tryed /start and /xmlrpc routes.

2017-03-02 14:55:40,120 27569 INFO ? werkzeug: 127.0.0.1 - - [02/Mar/2017 14:55:40] "POST /start HTTP/1.0" 404 -2017-03-02 14:56:01,261 27569 INFO ? werkzeug: 127.0.0.1 - - [02/Mar/2017 14:56:01] "POST /xmlrpc HTTP/1.0" 404 -

Best Regards

EDIT: This problem was solved, i've reviewed my DB credentials and now it's working ok

Axel Mendoza

The thing is that you are not correctly using the start demo described here:

http://www.odoo.com/documentation/9.0/api_integration.html

To fix it just use this url like described in the docs

$url = "http://localhost.8069/start";

and keep the rest of your code, CSRF is another topic and you wouldn't reach it when using remote api, if you see a result asking for the csrf_token it's because your request is getting attended by an Odoo Web Controller instead of the services layer and you need to review your url like this case

สนุกกับการพูดคุยนี้ใช่ไหม? เข้าร่วมเลย!

สร้างบัญชีวันนี้เพื่อเพลิดเพลินไปกับฟีเจอร์พิเศษและมีส่วนร่วมกับคอมมูนิตี้ที่ยอดเยี่ยมของเรา!

ลงชื่อ

Related Posts	ตอบกลับ	มุมมอง
Fatal error: xmlrpc_encode_request(): XML-RPC doesn't support circular references in ripcord_client.php php xmlrpc webservice odoo	0 ม.ค. 16	7935
OpenERP 7.0 WebService : search_read() php xmlrpc 7.0 webservice	2 มิ.ย. 15	7242
XMLRPC WITH PHP php xmlrpc	0 มี.ค. 18	4985
Openerp xmlrpc PHP insert into re.users with company_id php xmlrpc	2 มี.ค. 15	11360
How to identify record is created from xmlrpc script(php) when create method overrite php xmlrpc	1 มี.ค. 15	8605

คำถามนี้ถูกตั้งค่าสถานะ

How and where I have to create that web controller to deactivate the csrf protection ? If you can help me with some examples or links with more info I'll be grateful.

สนุกกับการพูดคุยนี้ใช่ไหม? เข้าร่วมเลย!