-
Notifications
You must be signed in to change notification settings - Fork 3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Tasks API POST request does not accept csrf token #6742
Comments
Hi, please check this answer about the authentication parameters. |
Hi, thank you for your response. Sorry to ask again, but I'm not sure I understand your previous answer correctly, so I will ask again. I found a workaround for the previous issue of creating tasks, but the csrf token error is still causing problems. Now I'm trying to upload annotations from my local machine to an existing task. From my understanding there are two ways to do that. Either using the sdk or making requests directly, I've tried both. Using the sdk, I tried:
Which yields status code 400 and the HTTP response body: "No such file were uploaded", similar to #6287. I've tried using the cvat-sdk version corresponding to my server version (2.4.5) and using the newest cvat-sdk on pip. Since using the sdk didn't work for me after some attempts to fix it, I tried making requests directly:
Which yields status code 403 and Response content "CSRF Failed: CSRF token missing." I can upload the annotations via the UI without problems. The URL for my post request is copied from my browser, from successfully uploading annotations via the UI. |
Hi.
Unfortunately, as we discovered in the linked issue #6287, annotations now can only be uploaded via the TUS file uploading protocol. Both UI and high-level SDK use this protocol. Manual use via plain requests or low-level SDK is quite complicated with this protocol, so I recommend using the high-level SDK instead: import os
import sys
from cvat_sdk import make_client
from cvat_sdk.core.helpers import DeferredTqdmProgressReporter
API_KEY = os.getenv("CVAT_API_KEY", "<authorization token>")
API_SESSIONID = os.getenv("CVAT_API_SESSIONID", "<session id>")
API_CSRFTOKEN = os.getenv("CVAT_API_CSRFTOKEN", "<csrf token>")
def main(argv=None):
assert API_KEY and API_SESSIONID and API_CSRFTOKEN
with make_client("https://app.cvat.ai", port=443) as client:
client.api_client.set_default_header("Authorization", f"Token {API_KEY}")
client.api_client.cookies["sessionid"] = API_SESSIONID
client.api_client.cookies["csrftoken"] = API_CSRFTOKEN
# client.organization_slug = ""
client.config.status_check_period = 2
task_id = # fill in your task id
task = client.tasks.retrieve(task_id)
filename = f"task-{task_id}-cvat_for_images.zip"
task.export_dataset("CVAT for video 1.1", filename=filename,
pbar=DeferredTqdmProgressReporter(), include_images=False
)
task.import_annotations("CVAT 1.1", filename=filename,
pbar=DeferredTqdmProgressReporter()
)
main(sys.argv) |
Thank you very much, that kind of worked. A few issues: When uploading annotations to a new task for the first time I get the following error: Uploading data: 100%| [00:00<00:00, 490kB/s] When I run the same code again, the error turns into: Uploading data: 100%|| 174k/174k [00:00<00:00, 1.96MB/s] ..indicating that I cannot upload the same file twice? So I tried changing the name of the annotation file, which led to: Uploading data: 100%|| 174k/174k [00:00<00:00, 647kB/s] Which luckily created the annotations in my task! Nice! |
Hi, The errors about the
There is no high-level API option for this, but you can change this by adding |
Thank you for your help, I will update the server. |
How to solve the 403 problem with Rest API requests? I tried adding |
@YaoJusheng, hi, we need some information about how to obtain such an error. To our knowledge, it can be some server-side firewall problem or (corporate) proxy problem, so these are the first to be checked. If you can provide additional information, it will be possible for us to try help you. |
Similar to the example code above: import requests
import json
login_data='{"username":"admin_user","email":"", "password":"admin_password"}'
login_json = json.loads(login_data)
cvat_base_url = "http://cvat-server:8080"
login_response = requests.post(cvat_base_url+'/api/auth/login', json=login_json)
data={"role": "worker", "email": "user@example.com"}
response = requests.post(
cvat_base_url+'/api/invitations?org_id=1',
data=data,
headers={
"accept": "application/vnd.cvat+json",
"content-type": "application/json",
"Authorization": "Token " + login_response.json().get("key", ""),
"X-CSRFTOKEN": login_response.cookies.get("csrftoken", "")
},
cookies=login_response.cookies
) Result :
Environmental information: |
@YaoJusheng , are you sure the problem is with the authorization method? Is it possible that this user actually has no rights to invite users into the org? If the problem persists, consider switching to just the basic auth in each request. |
@zhiltsov-max Is there a more reliable solution without repeated login verification? |
That's very nice to see you've found a workaround.
We need more information about the problem. If you see the UI is working without problems, please try to find the difference in the requests between the UI and SDK. |
My actions before raising this issue
Steps to Reproduce (for bugs)
Expected Behaviour
I expect a new task to be created and status code 201 to be the response to my POST request.
Current Behaviour
Status code 403 is sent back, with the error in the response's content stating:
"CSRF Failed: CSRF token missing."
Curiously, downloading annotations from an existing task works with my login cookies, so i don't know why the csrf token would be missing when trying to create a new task.
Context
I am trying to automate the creation of new tasks and uploading data to them with the rest-api.
Your Environment
:The text was updated successfully, but these errors were encountered: