Ignore CSRF protection for doActionFor workflow in Script Python on Plone 5

Question

I am trying to complete a workflow transition using Script Python.

Like this:

wtool = context.portal_workflow
obj = context.Plone.doc1
wtool.doActionFor(obj, 'publish')
obj.reindexObject()

But I have a confirmation page. This is the name of the page Confirming User Action.

I think this is an automatic CSRF protection feature. Please let me know. Ignoring protection for my script.

+4

terapyon Jul 08 '16 at 6:34

1 answer

ebrehault · Accepted Answer · 2016-07-08T07:22:42+0000

I assume your script is being called from a link. You need to change the way the script is called:

either call it POST in the form (plone.protect will automatically add an authentication token to your form),
(. http://docs.plone.org/develop/addons/upgrade_to_50.html?highlight=protect#csrf-protection)