Passing csrftoken with python Requests

by

If you are going to set the referrer header, then for that specific site you need to set the referrer to the same URL as the login page:

import sys
import requests

URL = 'https://portal.bitcasa.com/login'

client = requests.session()

# Retrieve the CSRF token first
client.get(URL)  # sets cookie
if 'csrftoken' in client.cookies:
    # Django 1.6 and up
    csrftoken = client.cookies['csrftoken']
else:
    # older versions
    csrftoken = client.cookies['csrf']

login_data = dict(username=EMAIL, password=PASSWORD, csrfmiddlewaretoken=csrftoken, next="https://stackoverflow.com/")
r = client.post(URL, data=login_data, headers=dict(Referer=URL))

When using unsecured http, the Referer header is often filtered out and otherwise easily spoofable anyway, so most sites no longer require the header to be set. However, when using an SSL connection and if it is set, it does make sense for the site to validate that it at least references something that could logically have initiated the request. Django does this when the connection is encrypted (uses https://), and actively requires it then.

More Related Contents:

  1. How to “log in” to a website using Python’s Requests module?
  2. Python Requests throwing SSLError
  3. Proxies with Python ‘Requests’ module
  4. Python Requests and persistent sessions
  5. Python Requests library redirect new url
  6. MaxRetryError: HTTPConnectionPool: Max retries exceeded (Caused by ProtocolError(‘Connection aborted.’, error(111, ‘Connection refused’)))
  7. Can I set max_retries for requests.request?
  8. How to use cookies in Python Requests
  9. using requests with TLS doesn’t give SNI support
  10. Python Request Post with param data
  11. python ignore certificate validation urllib2
  12. Using Python Requests: Sessions, Cookies, and POST
  13. Only download a part of the document using python requests
  14. OpenSSL errors in python requests
  15. Python – Requests, Selenium – passing cookies while logging in
  16. Python : Trying to POST form using requests
  17. How to get response SSL certificate from requests in python?
  18. Forbidden (403) CSRF verification failed. Request aborted. Even using the {% csrf_token %}
  19. Send http request through specific network interface
  20. How to resume file download in Python?
  21. parsing XML file gets UnicodeEncodeError (ElementTree) / ValueError (lxml)
  22. What is the difference between ‘content’ and ‘text’
  23. parse multipart/form-data, received from requests post
  24. Get html using Python requests?
  25. multipart data POST using python requests: no multipart boundary was found
  26. How to get the raw content of a response in requests with Python?
  27. How to disable cookie handling with the Python requests library?
  28. openssl, python requests error: “certificate verify failed”
  29. CSRF Token missing or incorrect
  30. Using Find_All function returns an unexpected result set

Leave a Comment