CSRF Error and Path Change in GraphQL API

Good afternoon!
Today, I encountered the following error:

“This operation has been blocked as a potential Cross-Site Request Forgery (CSRF). Please either specify a ‘content-type’ header (with a type that is not one of application/x-www-form-urlencoded, multipart/form-data, text/plain) or provide a non-empty value for one of the following headers: x-apollo-operation-name, apollo-require-preflight.”

Switching the paths from https://speckle.xyz/graphql to https://app.speckle.systems/graphql helped resolve the issue.

I would like to clarify what changes are planned for this part in the future.
Also, I would like to understand what exactly the error above refers to.


Yes, I have the same issue, and even when I change the PATH and set the content-type: application/json and 'x-apollo-operation-name': 'CreateVersion', it is still giving me the CSRF error. Everything worked last week, and now nothing works? Hmmm??

Hi @Eleron96 & @karlos - please use https://app.speckle.systems


As you’ve noted, the correct URL to use moving forward is https://app.speckle.systems/graphql. While we do have URL forwarding for web traffic, using Postman or other tools for direct queries may trigger impersonation warnings when traffic is routed from one URL to another because that route forwarding is likely stripping headers from your request.

Regarding future changes, all our API endpoints need to be based on the one application, so it’s best to stick with the https://app.speckle.systems URL for now.

Let me know if you have any more questions!


Hi @Eleron96 & @karlos

As a follow-up to the issue reported above: while we would recommend that you use https://app.speckle.systems from now on, we have now fixed the issue with https://speckle.xyz.

Please do report here on the forum if you encounter any similar issues.

Iain
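
The rule spelled out in the error message quoted in the first post, written as an added example (not Apollo Server's or Speckle's code, and not part of any post above): a request passes only if it carries something a browser cannot send cross-site without a CORS preflight, either a content-type outside the three form-style types or a non-empty one of the two named headers. The function name `checkCsrf` and the sample header sets are constructed for illustration; the `stripped` case models a request whose headers were lost in forwarding, as suggested in the thread.

```javascript
// Added illustration of the rule in the quoted error message (hypothetical helper names).
const SIMPLE_TYPES = new Set([
  'application/x-www-form-urlencoded',
  'multipart/form-data',
  'text/plain',
]);
const PREFLIGHT_HEADERS = ['x-apollo-operation-name', 'apollo-require-preflight'];

// HTTP header names are case-insensitive, so compare them in lower case.
function normalise(headers) {
  const out = {};
  for (const [k, v] of Object.entries(headers)) out[k.toLowerCase()] = String(v);
  return out;
}

// Returns { allowed, reason } for one set of request headers.
function checkCsrf(rawHeaders) {
  const h = normalise(rawHeaders);
  const ct = h['content-type'];
  if (ct !== undefined) {
    // Only the media type counts; parameters such as charset are ignored.
    const mediaType = ct.split(';')[0].trim().toLowerCase();
    if (mediaType !== '' && !SIMPLE_TYPES.has(mediaType)) {
      return { allowed: true, reason: `content-type ${mediaType}` };
    }
  }
  for (const name of PREFLIGHT_HEADERS) {
    // The header must be present AND non-empty.
    if (h[name] !== undefined && h[name].trim() !== '') {
      return { allowed: true, reason: `header ${name}` };
    }
  }
  return { allowed: false, reason: 'no non-simple content-type and no preflight header' };
}

// Constructed sample requests (header sets only).
const samples = {
  jsonPost: { 'Content-Type': 'application/json; charset=utf-8' },
  opNameOnly: { 'X-Apollo-Operation-Name': 'CreateVersion' },
  htmlForm: { 'content-type': 'application/x-www-form-urlencoded' },
  textPlain: { 'Content-Type': 'text/plain' },
  emptyOpName: { 'x-apollo-operation-name': '' },
  stripped: {}, // headers lost somewhere between client and GraphQL server
};

for (const [name, headers] of Object.entries(samples)) {
  const r = checkCsrf(headers);
  console.log(`${name}: ${r.allowed ? 'allowed' : 'blocked'} (${r.reason})`);
}
```

When debugging this error, compare the headers the client sends with the headers that actually reach the GraphQL endpoint; a request that looks correct in Postman is still blocked if it arrives without them.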