On 6/21/21 11:58 AM, Jens Günther wrote:
We wanted to do the same with Mailman3 (Docker, 3.3.3, Postorius 1.3.4):
<form method="POST" action="https://$domain/postorius/lists/$short_lisname.$domain/anonymous_subscribe">
<input name="email" value="" type="text"><br> <input name="email-button" value="Anmelden" type="submit"> </form>
When I now enter a mailaddress, the quoted error occurs.
This is Django protecting against CSRF. You need to GET the for with the (hidden) CSRF token before you can POST it.
Checking another answer directly to me, there seems to be another hint :-)
I believe you are attempting to use the MM Core API via http GET/POST, rather than via Postorius? That you have tried and get the CSRF error reported?
Typically this is because you need to add a token to the request to indicate to the MM Core that your request isn't a forgery. Typically this token is requested from Core and then presented with subsequent requests. Have you tried this?
Therefor it is needed to send also a token!? Or use another URL, not postorius in order to subscribe!? How can I submit such a token?
To submit the Token, you need to first GET the form which will have the token. Then you can include it in the POST data. This is not a satisfactory solution for your case.
As hinted above, you need to use the REST API. See https://docs.mailman3.org/projects/mailman/en/latest/src/mailman/rest/docs/m...
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan