Skip to main content

Hi, hope this is the right place to feed back with an api bug report.
I think there's possible a bug with https://developers.miro.com/reference/update-board
Boards updates but for some reason server returns internal error, maybe my request is incorrect.
I’ve attached request and response logs without bearer token.

Thanks for the support,
Vasily

Request:
Method: PATCH, RequestUri: 'https://api.miro.com/v2/boards/uXjVPMm5xU4%3d', Version: 1.1, Content: System.Net.Http.StringContent, Headers:
{
Accept: application/json
Authorization: Bearer
Content-Type: application/json
}
{"description":"some new description","name":"Test","policy":{"permissionsPolicy":{"collaborationToolsStartAccess":"all_editors","copyAccess":"anyone","sharingAccess":"team_members_with_editing_rights"},"sharingPolicy":{"access":"view","inviteToAccountAndBoardLinkAccess":"viewer","organizationAccess":"private","teamAccess":"edit"}},"teamId":"3458764536059967553"}

Response:
StatusCode: 500, ReasonPhrase: 'Server Error', Version: 1.1, Content: System.Net.Http.HttpConnectionResponseContent, Headers:
{
Connection: keep-alive
Date: Mon, 17 Oct 2022 15:33:54 GMT
Server: nginx
Set-Cookie: AWSALBTG=Je+KRn7KvSyKTrrVjaNKjjzbnni5AND2g6VL9oa8CgnpkHbdrcN/F1TTklTk0VzbgafZJTWmdbyNIcw3vgw1QdhezUO9Ts57j5EWCQMRyN6PrD+DOE5QQvpqAyLHJI4wdMPey6dHi7RrIqvP71bzGScwu1keW5iJ4G13DYq+tuHw; Expires=Mon, 24 Oct 2022 15:33:54 GMT; Path=/
Set-Cookie: AWSALBTGCORS=Je+KRn7KvSyKTrrVjaNKjjzbnni5AND2g6VL9oa8CgnpkHbdrcN/F1TTklTk0VzbgafZJTWmdbyNIcw3vgw1QdhezUO9Ts57j5EWCQMRyN6PrD+DOE5QQvpqAyLHJI4wdMPey6dHi7RrIqvP71bzGScwu1keW5iJ4G13DYq+tuHw; Expires=Mon, 24 Oct 2022 15:33:54 GMT; Path=/; SameSite=None; Secure
Vary: Origin
Vary: Access-Control-Request-Method
Vary: Access-Control-Request-Headers
Content-Security-Policy: default-src 'self'
Referrer-Policy: no-referrer
X-RateLimit-Limit: 100000
X-RateLimit-Remaining: 99850
X-RateLimit-Reset: 1666020888
X-Request-ID: c7bf290c-b5ad-4d0e-a258-80168ceb432f
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: private, no-cache, no-store, no-transform, max-age=0, must-revalidate, proxy-revalidate
Pragma: no-cache
X-Frame-Options: DENY
Strict-Transport-Security: max-age=31536000
X-Cache: Error from cloudfront
Via: 1.1 6c183700546a331def0de99cb43d1574.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: HEL50-C2
X-Amz-Cf-Id: ytrtTPrLfQuXwfIi4hBFS_TETCX1doqJylTratr1M1UoKbEAt-smbQ==
Content-Type: application/json
Content-Length: 154
Expires: 0
}
{
"type" : "error",
"code" : "4.0003",
"context" : {
"boardId" : "uXjVPMm5xU4="
},
"message" : "Internal error occurred",
"status" : 500
}

Hi @gitbleidd, can you try removing the teamID parameter from the request. If you’re not moving the board to a different team then this parameter should not be in the request.


Yes, that fixed it. Thanks!


# From hackerOne
print('Searching for XSS')

x


<h1>XSS</h1>

 


Reply