This header is provided for use with services that write to freebase. It is one of the mechanisms in place to get around the problem of cross-site request forgery.
To allow HTML forms to use the service APIs, the services accept form POST requests which poses a risk of forged user actions. To be able to protect users from unauthorized form submissions generated by third-party sites and because client-side applications cannot set a custom HTTP header using an HTML form, most POST operations that result in a write to the system require this custom header.
The only exceptions are the /api/service/form_upload_* services. In order to support HTML input type="file" forms, it doesn't require the X-Metaweb-Request header and thus presents a cross-site request forgery vulnerability.
This header is used for two Freebase API services, mqlwrite and upload.
To allow HTML forms to use the service APIs, the services accept form POST requests which poses a risk of forged user actions. To be able to protect users from unauthorized form submissions generated by third-party sites and because client-side applications cannot set a custom HTTP header using an HTML form, most POST operations that result in a write to the system require this custom header.
The only exceptions are the /api/service/form_upload_* services. In order to support HTML input type="file" forms, it doesn't require the X-Metaweb-Request header and thus presents a cross-site request forgery vulnerability.
This header is used for two Freebase API services, mqlwrite and upload.
Search Help Center
Discussions
There are no conversations on this topic. Would you like to start one?
Start the Discussion »- Building Bases
- Creating Schemas
-
Developing Applications
- An Introduction to Freebase Application Development
- Playing in the Sandbox
- Freebase Programming Libraries and Tools
- Data Dump FAQ
- Using the Query Editor
- The Complete Metaweb Query Language (MQL) Reference Guide
- MQL Cheatsheet
- The MQL Cookbook
-
Freebase API Reference
- Common API Query Parameters
- Avoid caching problems when using the API
- X-Metaweb-Request
- api/status
- api/version
- api/service/mqlread
- api/service/mqlwrite
- api/service/search
- api/service/form_upload
- api/service/form_upload_image
- api/service/upload
- api/service/uri_submit_image
- api/service/uri_submit
- api/service/create_private_domain
- api/service/delete_private_domain
- api/service/touch
- api/trans/raw
- api/trans/blurb
- api/trans/image_thumb
- api/account/login
- api/account/logout
- dataserver/reconciliation
- api/account/loggedin
- Application Developer Tips
- The Acre Hosted Development Environment
- Introduction to the Metaweb Javascript Template Language (MJT)
- Freebase Community
