Firstly I have done the CSRF Check Failed search on the forum - the results do not seem to match my problem.
We have 2 OCS installations.
#1 Windows running WSL Ubuntu 20.04
#2 Linux native Ubuntu 20.04
Both installations are working correctly. We can sign in to the console, create and share files and folders and the OwnCloud client is successfully connecting and sharing files.
The next step of our project is to be able to dynamically share existing folders with users. In otherwords in response to an external event we want to either share a specific folder under one account with another user (or remove that share).
For this we are looking at the OCS API and specifically the Create Share Endpoint (OCS Share API :: ownCloud Documentation)
As a test we first called the capabilities API (OCS Rest API :: ownCloud Documentation)
For our tests we are using PostMan.
The capabilities call works fine and we get back a JSON structure defining the available capabilities on the server.
However when we call the Create Share API we get this
<?xml version="1.0"?>
<ocs>
<meta>
<status>failure</status>
<statuscode>996</statuscode>
<message>CSRF check failed</message>
<totalitems></totalitems>
<itemsperpage></itemsperpage>
</meta>
<data/>
</ocs>
We have tried various work-arounds (putting the OCS-APIRequest: true header in the request), different parameter values - same result.
In addition to PostMan we have tried cUrl and a PHP script with Guzzle as per the script example on the Create Share page - all return the same result.
Both installations are using 10.7
i did come across this link (http://owncloud.com/security-advisories/cross-site-request-forgery-in-the-ocs-api/) - just wondering if this fix did not perhaps cause something in the API to break - or introduce an additional requirement not in the docs.