Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Forcing API calls to use a guest session?

asteraster New
edited July 2015 in Vanilla 2.0 - 2.8

Hi all,
I am implementing an ambitious community oriented browser plugin for our new vanilla forums. Here's my repo

One of the features I've implemented is the ability to preview the last or opening post by doing a mouse hover on the comment link from the discussions / category page (we had this feature in our old forums).

To do this I am making an api call on mouseover

It works great but the issue is that the API request is being made in the user's logged in credentials and it is marking the thread as read without the user actually entering it.

Is there any way to force the API call to make the request in the guest context?
The endpoint I am using is but I have found the documentation to be a little too light on this matter. Is there any way to tell the server to ignore the session ID maybe? I don't think it's possible to make the API request without sending the cookie that contains the session id.



  • @aster this site is for the open source version you are a customer of, the api is different in these versions and they support that.

    Nevertheless it should be similar to basic api.

    With client side scripting it is no different than html request it the same controller, and naturally is using the browser session.

    The way you would get a guest session with js request, is to proxy the request server to server. You would need to upload a script to a server that would do a curl request to that endpoint, to return the result.

    You would then request the proxy script.

    grep is your friend.

Sign In or Register to comment.