- Find Answers
- :
- Apps & Add-ons
- :
- All Apps and Add-ons
- :
- Website monitoring - CSRF validation failed- How c...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Website monitoring - CSRF validation failed- How can I fix?
Hi,
does anyone has experience with website monitoring app
I am facing issue with adding inputs, especially if input (check) requires HTTP Authentication.
error is : " 401 Splunk cannot authenticate the request. CSRF validation failed "
Request URL: https://xxxx:8443/en-US/splunkd/__raw/services/storage/passwords?output_mode=json
Request Method: POST
Status Code: 401 Splunk cannot authenticate the request. CSRF validation failed.
Remote Address: 10.217.11.78:8443
Referrer Policy: no-referrer
I find out that request is missing one header parameter X-Splunk-Form-Key
requestURL: en-US/splunkd/__raw/services/storage/passwords?output_mode=json
request header:
Accept: text/javascript, text/html, application/xml, text/xml, */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8,sk;q=0.7
Connection: keep-alive
Content-Length: 61
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Cookie: mintjs%3Auuid=02ced06b-7ec3-40e2-8e0b-91040e343001; built_by_tabuilder=yes; ta_builder_current_ta_name=TA-splunk-backup; ta_builder_current_ta_display_name=Splunk%20backup; splunkweb_csrf_token_8443=1505950XXXXXXXXXXX; session_id_8443=6e995a2d52b3a34ade550aafff50XXXXXXXXXXX; splunkd_8443=OUucWpZKKsQtgnedQ98lJ5VRCosW7HAdUh6fia3B^Q^D9HofK5tn11AwTAEiKXhzUL_HPsAiG91v8evtXcVri9MYUmXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX0fCIm84az_izL
Host: xxxx:8443
Origin: https://xxxx:8443
sec-ch-ua: "Not?A_Brand";v="8", "Chromium";v="108", "Google Chrome";v="108"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36
X-Requested-With: XMLHttpRequest
Response header :
Connection: Keep-Alive
Content-Length: 104
Content-Type: application/json; charset=UTF-8
Date: Thu, 08 Dec 2022 23:06:45 GMT
Server: Splunkd
Vary: Cookie
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Any idea why is this parameter missing?
Splunk runs on linux
I tried : clear cache, incognito window,
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I was able to resolve these issues by clearing browser cache and cookies while testing some input configurations for Salesforce Streaming add-on.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi. Any solution to this, i have the same issue get this in the log.
ERROR UiAuth [ TcpChannelThread] - Request from /en-US/splunkd/__raw/services/storage/passwords?output_mode=json" failed CSRF validation -- expected key "[REDACTED]3146" and header had key ""
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
What's New in Splunk Cloud Platform 9.3.2411?
Buttercup Games: Further Dashboarding Techniques (Part 6)
Technical Workshop Series: Splunk Data Management and SPL2 | Register here!
