CSRF Token - ps1-ch/test GitHub Wiki

Login and save the cookies (incl. CSRF-Token)

$ curl -c cookies.txt -s -u user:password http://localhost:8080/api/user|jq
...

Look at the cookies

$ cat cookies.txt
# Netscape HTTP Cookie File
# https://curl.haxx.se/docs/http-cookies.html
# This file was generated by libcurl! Edit at your own risk.

#HttpOnly_localhost     FALSE   /       FALSE   0       JSESSIONID      3EBD505BE4FC199204B0F137F48EE531
localhost       FALSE   /       FALSE   0       XSRF-TOKEN      964ef101-2676-4151-8489-c0df81ea771c

Use session cookie and CSRF-Token for POST request

$ curl -b cookies.txt -d "account=account1" -d "_csrf=`awk '/XSRF-TOKEN/{print $7}' cookies.txt`" -s http://localhost:8080/api/select|jq
[
  {
    "messageNumber": 1,
    "from": "noreply@test",
    "subject": "test",
    "receivedDate": "2020-12-07T19:31:30.000+00:00",
    "size": 262425
  },
  ...
]