axios delete method gives 403

Question

I am calling delete method from my node-js application.

Its working fine from Postman but giving me 403 while calling this API from code.

Answer 1

You could either:

1 - Use the withCredentials property:

withCredentials: true

so:

axios.delete({
    url: 'https://test-dev.com/api/portfolio/admin?users=' + <VALUE>,
    headers: { 'Authorization' : 'Bearer ' + <TOKEN>},
    withCredentials: true
}).then(function(response) {
    console.log("Deleted: "+<VALUE>);
}).catch(function (error) {
    console.log("Deletion failed with error:" + error);
});

The XMLHttpRequest.withCredentials property is a Boolean that indicates whether or not cross-site Access-Control requests should be made using credentials such as cookies, authorization headers or TLS client certificates. Setting withCredentials has no effect on same-site requests.

2 - Set CSRF headers

Either:

headers: {'X-Requested-With': 'XMLHttpRequest',
'X-CSRF-TOKEN' : document.querySelector('meta[name="csrf-token"]').getAttribute('content')}

or

headers: {'X-Requested-With': 'XMLHttpRequest',
         'X-CSRFToken': 'your token here'}

or just:

headers: {'X-Requested-With': 'XMLHttpRequest'}

3 - Disable at own risk and if possible

Have a look at this article

Answer 2

So after a number of tries, I found it working.

Please follow the order sequence it's very important else it won't work

axios.delete(
        URL,
        {headers: {
          Authorization: authorizationToken
        },
        data:{
          source:source
        }}
      );