Getting Data In
Highlighted

get session key for included javascript app with logged in user

Explorer

i have included a react app into the splunk app. its just one aggregated file.
i want to trigger a upload via rest api (receivers/stream) to upload some csv data. my problem is that i need the session key for the request header (authorization: splunk )

i am already logged in as admin and dont want to start a new session via JS. how is it possible to get (best way with JS because i am not able to use python) the current user with session key for my rest api call?

thanks in advantage.

0 Karma
Highlighted

Re: get session key for included javascript app with logged in user

Splunk Employee
Splunk Employee

Take a look here, do a find on the page for "Retrieve" and take a look at the example code.

0 Karma
Highlighted

Re: get session key for included javascript app with logged in user

Explorer

@ssievert i have seen this already. this method uses its own login script with a loginmask to store jquery cookies. but if i am already logged in from the default login, the user has a session and a session key. but it is stored in http-only cookies which i cannot read out.

i dont want the user logs in two times.

0 Karma
Highlighted

Re: get session key for included javascript app with logged in user

Splunk Employee
Splunk Employee

OK, I see. I didn't notice that. You don't have access to the sessionToken, so the only other option is to try to post to the raw REST endpoint: /en-US/splunkd/__raw/servicesNS/admin/<app>/...
Give that a whirl and let us know what happens.

Highlighted

Re: get session key for included javascript app with logged in user

Explorer

@ssievert i tried this yesterday and it gives me a CSRF error (CSRF validation failed). i checked splunkd.log and the expected key and the given key is completley identical. i call the rest api via fetch + credentials:same-origin.

0 Karma
Highlighted

Re: get session key for included javascript app with logged in user

Engager

To reuse an existing Splunk web session for Javascript REST API calls, you obviously have to transfer the CSRF cookie content into an HTTP header. This is what works for me (Splunk 6.6.2):

var xhr = new XMLHttpRequest();
xhr.open('POST', '/en-US/splunkd/__raw/services/data/indexes', true);
xhr.setRequestHeader('X-Requested-With', 'XMLHttpRequest');
xhr.setRequestHeader('X-Splunk-Form-Key', document.cookie.match(/splunkweb_csrf_token_8000=(\d+)/)[1]); 
xhr.send("name=mybrandnewindex&output_mode=json")

View solution in original post