Closed
Description
When using the latest version of the API client (0.2.5) and Gophish (0.7.1),
state changing requests requests, for example "POST /api/templates/", fail with with status code 403. In addition, the server returns an error message stating that the wrong CSRF token has been submitted.
As the API supports bearer type authentication and requests are submitted using the content type "application/json", there should be no need for the CSRF tokens in this context.
Another possibility, while not as clean, is to reconfigure the underlying "requests" session to store and submit the CSRF token cookie value, but this may have other consequences.