gavsto/AutomateAPI

Invalid anti-forgery token

Closed this issue · 2 comments

Control: 2020.13
Automate: 2020.11

I have had this issue for a while now.
Even the current git version throws:

Invoke-ControlAPIMaster : An error has been thrown.
at Invoke-ControlAPIMaster<Process>, C:\Program
Files\WindowsPowerShell\Modules\AutomateAPI-git\Public\Invoke-ControlAPIMaster.ps1: line 92
at Connect-ControlAPI<End>, C:\Program Files\WindowsPowerShell\Modules\AutomateAPI-git\Public\Connect-ControlAPI.ps1:
line 231
at Connect-APIs, C:\Lokal\FixAutomateAgentsViaControl.ps1: line 7
at <ScriptBlock>, C:\Lokal\FixAutomateAgentsViaControl.ps1: line 10
at <ScriptBlock>, <No file>: line 1
-->
--> {"errorType":"UnauthorizedAccessException","message":"Invalid anti-forgery token","detail":null}
-----> Use 'Connect-ControlAPI' to set new authentication.
At C:\Program Files\WindowsPowerShell\Modules\AutomateAPI-git\Public\Connect-ControlAPI.ps1:231 char:41
+ ... Extension = Invoke-ControlAPIMaster -Arguments @{'URI' = "ReplicaServ ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Write-Error], WriteErrorException
    + FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Invoke-ControlAPIMaster

ConvertFrom-Json : Cannot bind argument to parameter 'InputObject' because it is null.
At C:\Program Files\WindowsPowerShell\Modules\AutomateAPI-git\Public\Invoke-ControlAPIMaster.ps1:171 char:46
+             $SCData=$(Try {$Result.Content | ConvertFrom-Json} Catch  ...
+                                              ~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidData: (:) [ConvertFrom-Json], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationErrorNullNotAllowed,Microsoft.PowerShell.Commands.ConvertFrom
   JsonCommand

Without commenting the regex out there's also a parsing error:

parsing "https?://[a-z0-9][a-z0-9\.\-]*(:[1-9][0-9]*)?(\/[a-z0-9\.\_\-\/]*)?$" - Unrecognized escape sequence \_.
At C:\Program Files\WindowsPowerShell\Modules\AutomateAPI-git\Public\Connect-ControlAPI.ps1:93 char:13
+         If (!($Server -match 'https?://[a-z0-9][a-z0-9\.\-]*(:[1-9][0 ...
+             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : OperationStopped: (:) [], ArgumentException
    + FullyQualifiedErrorId : System.ArgumentException

I committed an update to master to fix the regex error; please test again. If it fails, can you share the output from Connect-ControlAPI and also the full URL you use to access Control, with your server address removed?
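
The parsing error reported above comes from the .NET regex engine, which rejects a backslash in front of a word character that is not a defined escape, and the underscore is one. The following is an added example, not code from the AutomateAPI repository and not the commit mentioned above. It assumes the correction is to drop the backslash before the underscore, uses the hypothetical helper names Test-PatternCompiles and Test-ControlServerUrl, and adds a leading ^ anchor that the pattern in the error message does not have.

```powershell
# Added example. $Original is copied from the error message in the issue.
$Original = 'https?://[a-z0-9][a-z0-9\.\-]*(:[1-9][0-9]*)?(\/[a-z0-9\.\_\-\/]*)?$'
# Assumed correction: "_" needs no escaping, so the backslash before it is removed.
$Fixed    = 'https?://[a-z0-9][a-z0-9\.\-]*(:[1-9][0-9]*)?(\/[a-z0-9\._\-\/]*)?$'

function Test-PatternCompiles {
    # Hypothetical helper: $true if the .NET regex engine accepts the pattern.
    param([Parameter(Mandatory)][string]$Pattern)
    try {
        [void][regex]::new($Pattern)
        return $true
    } catch {
        Write-Verbose $_.Exception.Message
        return $false
    }
}

function Test-ControlServerUrl {
    # Hypothetical helper: validates a server URL with the corrected pattern.
    # The leading "^" is an assumption added here so the whole string has to
    # be a URL; the pattern on the page is anchored only at the end with "$".
    param([Parameter(Mandatory)][string]$Server)
    return $Server -match "^$Fixed"
}

"Original compiles: $(Test-PatternCompiles -Pattern $Original)"
"Fixed compiles:    $(Test-PatternCompiles -Pattern $Fixed)"

# Constructed sample inputs, not taken from the issue.
$Samples = @(
    'https://control.example.com',
    'https://control.example.com:8040/my_path/',
    'ftp://control.example.com',
    'not a url https://control.example.com'
)

foreach ($Sample in $Samples) {
    [pscustomobject]@{
        Server     = $Sample
        Unanchored = $Sample -match $Fixed          # end-anchored only, as on the page
        Anchored   = Test-ControlServerUrl -Server $Sample
    }
}
```

The last sample separates the two columns: the end-anchored pattern accepts any string that merely ends in a URL, while the fully anchored check rejects it.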

I saw a similar error that resulted in an "Invalid anti-forgery token" error after a successful connection. In my case the issue was caused by the Get-AutomateControlInfo cmdlet failing on line 99 of Compare-AutomateControlStatus.ps1, resulting in a "Forbidden" HTTP status message being returned by the Automate API.

I worked around this by forcing use of the internal monitor, which required dropping the If condition a few lines up on line 91:
If (!($ObjectRebuild.Count -le 15))