Short Description:
This article will describe on how to disable CSRF protection in Ambari.Article
Adding service through ambari gives error as shown below -
[root@sandbox ~]# curl -u admin:admin -i -X POST -d '{"ServiceInfo":{"service_name":"STORM"}}' http://192.168.123.129:8080/api/v1/clusters/Sandbox/services
HTTP/1.1 400 Bad Request
Set-Cookie: AMBARISESSIONID=qraouzksi4vktobhob5heqml;Path=/
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/plain
Content-Length: 107
Server: Jetty(7.6.7.v20120910)
{
"status" : 400,
"message" : "CSRF protection is turned on. X-Requested-By HTTP header is required."
You need to disable CSRF protection as mentioned below -
1.Login to ambari server using cli [superuser credentials]
vi /etc/ambari-server/conf/ambari.properties
2. Add below line at the bottom of the file
api.csrfPrevention.enabled=false
3. Restart ambari server
ambari-server restart
4. Try executing POST command again to add service and it should work
[root@sandbox ~]# curl -u admin:admin -i -X POST -d '{"ServiceInfo":{"service_name":"STORM"}}' http://192.168.123.129:8080/api/v1/clusters/Sandbox/services
HTTP/1.1 201 Created
Set-Cookie: AMBARISESSIONID=1t4c7yfbu64nw1nenrgplco7sd;Path=/
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/plain
Content-Length: 0
Server: Jetty(7.6.7.v20120910)
Thanks.