通过python请求传递csrftoken [英] Passing csrftoken with python Requests

问题描述

如何将python模块的Requests传递给csrftoken？这就是我所拥有的，但是它不起作用，并且我不确定将其传递给哪个参数（数据，标头，身份验证...）

 导入请求从bs4导入
 BeautifulSoup 
 
 URL ='https://portal.bitcasa.com/login'
 
客户=请求.session（config = {'verbose'：sys.stderr}）
 
＃首先获取CSRF令牌
 soup = BeautifulSoup（client.get（'https：//portal.bitcasa。 com / login'）。content）
 csrftoken = soup.find（'input'，dict（name ='csrfmiddlewaretoken'））['value'] 
 
 login_data = dict（username =电子邮件地址，密码=密码，csrfmiddlewaretoken = csrftoken）
r = client.post（URL，data = login_data，headers = { Referer： foo}）
  
 < h1>禁止跨度（403）/跨度/ h1 
< p> CSRF验证失败。请求中止。< / p> 
  
 
 
解决方案
如果要设置引荐来源标头，则对于该特定站点，您需要将引荐来源网址设置为与登录页面相同的URL：
  import sys 
 import请求
 
 URL ='https://portal.bitcasa.com/login'
 
客户端= request.session（）
 
＃检索CSRF令牌第一个
 client.get（URL）＃如果client.cookies中有'csrftoken'，则设置cookie 
：
＃Django 1.6及更高版本
 csrftoken = client.cookies ['csrftoken '] 
其他：
＃较旧的版本
 csrftoken = client.cookies ['csrf'] 
 
 login_data = dict（username = EMAIL，password = PASSWORD，csrfmiddlewaretoken = csrftoken，next ='/'）
r = client.post（URL，data = login_data，headers = dict（Referer = URL））
  
使用不安全的 http 时，通常会过滤掉 Referer 标头否则容易被欺骗，因此大多数网站不再需要e标头设置。但是，在使用SSL连接并设置了SSL连接的情况下，让站点确认它至少引用了可能在逻辑上发起了请求的内容确实有意义。当连接被加密（使用 https：// ）时，Django会执行此操作，然后主动要求它。
 
How do you pass a csrftoken with the python module Requests?  This is what I have but it's not working, and I'm not sure which parameter to pass it into (data, headers, auth...)
import requests
from bs4 import BeautifulSoup

URL = 'https://portal.bitcasa.com/login'

client = requests.session(config={'verbose': sys.stderr})

# Retrieve the CSRF token first
soup = BeautifulSoup(client.get('https://portal.bitcasa.com/login').content)
csrftoken = soup.find('input', dict(name='csrfmiddlewaretoken'))['value']

login_data = dict(username=EMAIL, password=PASSWORD, csrfmiddlewaretoken=csrftoken)
r = client.post(URL, data=login_data, headers={"Referer": "foo"})
Same error message every time.
<h1>Forbidden <span>(403)</span></h1>
<p>CSRF verification failed. Request aborted.</p>

解决方案
If you are going to set the referrer header, then for that specific site you need to set the referrer to the same URL as the login page:
import sys
import requests

URL = 'https://portal.bitcasa.com/login'

client = requests.session()

# Retrieve the CSRF token first
client.get(URL)  # sets cookie
if 'csrftoken' in client.cookies:
    # Django 1.6 and up
    csrftoken = client.cookies['csrftoken']
else:
    # older versions
    csrftoken = client.cookies['csrf']

login_data = dict(username=EMAIL, password=PASSWORD, csrfmiddlewaretoken=csrftoken, next='/')
r = client.post(URL, data=login_data, headers=dict(Referer=URL))
When using unsecured http, the Referer header is often filtered out and otherwise easily spoofable anyway, so most sites no longer require the header to be set. However, when using an SSL connection and if it is set, it does make sense for the site to validate that it at least references something that could logically have initiated the request. Django does this when the connection is encrypted (uses https://), and actively requires it then.

                        
这篇关于通过python请求传递csrftoken的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！