Calling online player from http request in node-red

crydrk · January 26, 2022, 8:56am

[edit] I swear to god I’ve been researching and noodling for two hours. Then right after posting did a search for http and found this: Global Stop all Playing via URL? - RESOLVED

I never thought to use a GET, because as someone who doesn’t know what POST/GET is, I never would have tried GET because that doesn’t sound like what I’d be trying to do. I am now properly calling these links.

…it’s always when you finally break down and post the question do you find the answer…

[Original message:]
Hello, new to networking here so forgive my ignorance, and using a system which may be obscure but hopefully some common terms in the settings themselves that someone can help me make sense of.

I’m using node-red and trying to send an http request. https://nodered.org/

I have the online player url for stop-all with my authentication, and am trying various options in the node for an http request. Tried the options PUT and POST using these URLs:

https://syrinscape.com/online/frontend-api/stop-all/?auth_token=----

syrinscape-online://syrinscape.com/online/frontend-api/stop-all/?auth_token=----

The http errors out with "CSRF verification failed. Request aborted.

  <p>You are seeing this message because this HTTPS site requires a 'Referer
   header' to be sent by your Web browser"

And it seems node-red will not allow the syrinscape-online proxy to even try with its functionality as-is. In that node I am able to use basic, digest and bearer authorization, the last of which seems most like some kind of token input but I don’t think it solves my CSRF problem.

Though node-red may not be a common thing, do any of these details sound workable for options on making an http request from here?

ryan.cassar · January 26, 2022, 10:38pm

Wow, looks like you’re trying to do something cool there! And I am especially happy to see you seem to have worked it out

For a bit of background, the syrinscape-online:// protocol is a desktop thing to launch the application and carry out the action this way, which is more appropriate for the Offline players (Fantasy, Sci-Fi, Board Game). I can understand node-red getting confused with the non-standard protocol, but given you’re using the Online Player, https:// makes plenty of sense, so no problems there.

As for the HTTP method, GET is the one your browser uses to fetch pages and generally supported by just about everything that can make a request. This is most of the reason we allow the stop-all request to come in via GET, because some integrations do not even have the option to make a POST request or any other kind. The other methods have stricter security policies, hence your CSRF troubles.

Let me know if you have any other question, troubles, or any successes I enjoy hearing what people are getting Syrinscape to do!

crydrk · January 27, 2022, 5:40pm

Mm, thank you for that explanation.

Trying to do something cool I think, yeah. Trying to combine my various effects and lighting control into a single interface. Replacing the audio portions of these types of projects with Syrinscape audio. My node-red projects Until now I either always had a separate tab up for dnd to use syrinscape, or for non-dnd projects run the audio through a pi or Unity. I wrote a little python script that lets me take that full online links csv and spit out a new one based on filters inputted from the user to get only the audio I wanted, and am now working on translating that subset into auto generated buttons for node-red.

ryan.cassar · January 27, 2022, 11:40pm

Sounds cool to me! Happy gaming