The Files CMIS API supports extensions to support HTML form endpoints. To protect against CSRF attack vectors, all HTML form endpoints that accept a POST or PUT operation require a nonce security token to provided by the caller to complete.
To fetch the nonce token, clients must perform a GET operation on the URI identified by the link whose relation is equal to http://www.ibm.com/xmlns/prod/sn/cmis/nonce contained in the CMIS service document.
If the request is a POST/PUT/DELETE operation whose content-type starts with application/x-www-form-urlencoded
, the nonce security token must be provided by the client to complete the operation.
Parent topic: Files CMIS API extensions