通过python请求传递csrftoken [英] Passing csrftoken with python Requests
问题描述
如何将python模块的Requests传递给csrftoken?这就是我所拥有的,但是它不起作用,并且我不确定将其传递给哪个参数(数据,标头,身份验证...)
导入请求从bs4导入
BeautifulSoup
URL ='https://portal.bitcasa.com/login'
客户=请求.session(config = {'verbose':sys.stderr})
#首先获取CSRF令牌
soup = BeautifulSoup(client.get('https://portal.bitcasa。 com / login')。content)
csrftoken = soup.find('input',dict(name ='csrfmiddlewaretoken'))['value']
login_data = dict(username =电子邮件地址,密码=密码,csrfmiddlewaretoken = csrftoken)
r = client.post(URL,data = login_data,headers = { Referer: foo})
< h1>禁止跨度(403)/跨度/ h1
< p> CSRF验证失败。请求中止。< / p>
解决方案如果要设置引荐来源标头,则对于该特定站点,您需要将引荐来源网址设置为与登录页面相同的URL:
import sys
import请求
URL ='https://portal.bitcasa.com/login'
客户端= request.session()
#检索CSRF令牌第一个
client.get(URL)#如果client.cookies中有'csrftoken',则设置cookie
:
#Django 1.6及更高版本
csrftoken = client.cookies ['csrftoken ']
其他:
#较旧的版本
csrftoken = client.cookies ['csrf']
login_data = dict(username = EMAIL,password = PASSWORD,csrfmiddlewaretoken = csrftoken,next ='/')
r = client.post(URL,data = login_data,headers = dict(Referer = URL))
使用不安全的
http
时,通常会过滤掉Referer
标头否则容易被欺骗,因此大多数网站不再需要e标头设置。但是,在使用SSL连接并设置了SSL连接的情况下,让站点确认它至少引用了可能在逻辑上发起了请求的内容确实有意义。当连接被加密(使用https://
)时,Django会执行此操作,然后主动要求它。How do you pass a csrftoken with the python module Requests? This is what I have but it's not working, and I'm not sure which parameter to pass it into (data, headers, auth...)
import requests from bs4 import BeautifulSoup URL = 'https://portal.bitcasa.com/login' client = requests.session(config={'verbose': sys.stderr}) # Retrieve the CSRF token first soup = BeautifulSoup(client.get('https://portal.bitcasa.com/login').content) csrftoken = soup.find('input', dict(name='csrfmiddlewaretoken'))['value'] login_data = dict(username=EMAIL, password=PASSWORD, csrfmiddlewaretoken=csrftoken) r = client.post(URL, data=login_data, headers={"Referer": "foo"})
Same error message every time.
<h1>Forbidden <span>(403)</span></h1> <p>CSRF verification failed. Request aborted.</p>
解决方案If you are going to set the referrer header, then for that specific site you need to set the referrer to the same URL as the login page:
import sys import requests URL = 'https://portal.bitcasa.com/login' client = requests.session() # Retrieve the CSRF token first client.get(URL) # sets cookie if 'csrftoken' in client.cookies: # Django 1.6 and up csrftoken = client.cookies['csrftoken'] else: # older versions csrftoken = client.cookies['csrf'] login_data = dict(username=EMAIL, password=PASSWORD, csrfmiddlewaretoken=csrftoken, next='/') r = client.post(URL, data=login_data, headers=dict(Referer=URL))
When using unsecured
http
, theReferer
header is often filtered out and otherwise easily spoofable anyway, so most sites no longer require the header to be set. However, when using an SSL connection and if it is set, it does make sense for the site to validate that it at least references something that could logically have initiated the request. Django does this when the connection is encrypted (useshttps://
), and actively requires it then.这篇关于通过python请求传递csrftoken的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!