Jef*_*eff 43 python csrf python-requests
你如何通过python模块请求传递csrftoken?这就是我所拥有但它不起作用,而且我不确定将它传入哪个参数(数据,标题,认证...)
import requests
from bs4 import BeautifulSoup
URL = 'https://portal.bitcasa.com/login'
client = requests.session(config={'verbose': sys.stderr})
# Retrieve the CSRF token first
soup = BeautifulSoup(client.get('https://portal.bitcasa.com/login').content)
csrftoken = soup.find('input', dict(name='csrfmiddlewaretoken'))['value']
login_data = dict(username=EMAIL, password=PASSWORD, csrfmiddlewaretoken=csrftoken)
r = client.post(URL, data=login_data, headers={"Referer": "foo"})
每次都有相同的错误消息.
<h1>Forbidden <span>(403)</span></h1>
<p>CSRF verification failed. Request aborted.</p>
Mar*_*ers 81
如果要设置referrer标头,则对于该特定站点,您需要将referrer设置为与登录页面相同的URL:
import sys
import requests
URL = 'https://portal.bitcasa.com/login'
client = requests.session()
# Retrieve the CSRF token first
client.get(URL) # sets cookie
if 'csrftoken' in client.cookies:
# Django 1.6 and up
csrftoken = client.cookies['csrftoken']
else:
# older versions
csrftoken = client.cookies['csrf']
login_data = dict(username=EMAIL, password=PASSWORD, csrfmiddlewaretoken=csrftoken, next='/')
r = client.post(URL, data=login_data, headers=dict(Referer=URL))
使用不安全时http,Referer标头通常会被过滤掉,否则很容易被欺骗,因此大多数网站不再需要设置标头.但是,在使用SSL连接时,如果已设置,则站点确实有意义至少引用逻辑上已启动请求的内容.Django在连接加密(使用https://)时执行此操作,然后主动要求它.
| 归档时间: |
|
| 查看次数: |
57985 次 |
| 最近记录: |