How to resolve CSRF protection error while adding service through Ambari api

Short Description:

This article will describe on how to disable CSRF protection in Ambari.

Article

Adding service through ambari gives error as shown below -

[root@sandbox ~]# curl -u admin:admin -i -X POST -d '{"ServiceInfo":{"service_name":"STORM"}}' http://192.168.123.129:8080/api/v1/clusters/Sandbox/services
HTTP/1.1 400 Bad Request
Set-Cookie: AMBARISESSIONID=qraouzksi4vktobhob5heqml;Path=/
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/plain
Content-Length: 107
Server: Jetty(7.6.7.v20120910)
{
  "status" : 400,
  "message" : "CSRF protection is turned on. X-Requested-By HTTP header is required."

You need to disable CSRF protection as mentioned below -

1.Login to ambari server using cli [superuser credentials]

vi /etc/ambari-server/conf/ambari.properties

2. Add below line at the bottom of the file

api.csrfPrevention.enabled=false

3. Restart ambari server

ambari-server restart

4. Try executing POST command again to add service and it should work

[root@sandbox ~]# curl -u admin:admin -i -X POST -d '{"ServiceInfo":{"service_name":"STORM"}}' http://192.168.123.129:8080/api/v1/clusters/Sandbox/services
HTTP/1.1 201 Created
Set-Cookie: AMBARISESSIONID=1t4c7yfbu64nw1nenrgplco7sd;Path=/
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/plain
Content-Length: 0
Server: Jetty(7.6.7.v20120910)

Thanks.