I'm looking for a value. It is a session ID.
I analyzed network activity and the only reference to such a thing is "Access-Control-Allow-Headers: x-site-sessionid"on a request response header.
I also found it at the end of the POST request (sessionid=xxxx) but I need that value beforehand so my script can work. On my browser it does it automatically but I've been unable to find the value's source or how to request it from the site.
How would I pull this value? Everything else with the script is working as I tested it with an old session ID (that I got from a post request in my network activity log) and it registered fine. Though this isn't ideal for multiple runs.
Parameters that appear in the url address are not POST parameters , you simply need to add the session_id that your receive in the OPTIONS request to the url of the POST , like so:
session_id = 'get options response'
request.post(url + "&sessionid=%s" % session_id, data = {})
Related
I am trying to update an already saved form on a system using HTTP requests. Due to the server configuration for the third party app we use, updating by POST requires sending a fully filled out payload every single time.
I want to get round this by recovering the form data already present on the server and converting it into a dictionary. Then changing any values I need and reposting to make changes sever side.
The application we use sends a POST request when the save button is clicked for a particular form.
Here I send a post request with no payload.
[This simulates pressing the save button and is also the point where dev tools shows me a the payload I want to capture]
post_test = self.session.post(url_to_retrieve_from)
I thought that now I should be able to print the output, which should resemble what Google Dev tools Form data captures.
print(post_test.text)
This just gives me html found on the webpage.
If Dev Tools can get this from the server then I should also be able to?
Example of Data I am trying to get via requests:
Form Data
If Dev Tools can get this from the server then I should also be able to?
Yes, of course. In requests you pass form data in data keyword:
import requests
url = 'http://www.example.com'
data = {
'name': 'value',
}
response = requests.post(url, data=data)
You can get the data you sent with a request from the response in this way:
import requests
response = requests.post('http://your_url', data=data) # send request
body = response.request.body
parsed_data = dict(data.split('=') for data in body.split('&')) # parse request body
Here you can find more information about data argument
In the documentation, in the class requests.Response we can find the attribute:
request = None
The PreparedRequest object to which this is a response.
In requests.PreparedRequest class we can read:
body = None
request body to send to the server.
I am using Python flask. I have a POST request with some payload coming on say:
abc.com/hello/hello1
I want to redirect this (302) to:
xyz.com/hello/hello1
only changing the domain name while keeping the remaining part as it is and also the payload. Is there a simple way to do this?
As per RFC, redirect requests (all 3xx) cannot contain request data or headers. You will miss the payload, supplied via POST in original request.
There are two possible workaround I could think of right away:
Give the client new URL, and implement further logic on client side;
Create a proxy handler on backend, which will do a request by itself and give the answer back as it's own.
EDIT: As per Andrejs Cainikovs's comment below, this would not work for a POST with payload.
In your endpoint, get the url that was used using request.url (see request API here for more options). Then you can rewrite it and make a redirect.
newUrl = "xyz.com/" + route
return redirect(newUrl, code=302)
I have a JavaScript bookmarklet that POSTs information to a (Flask powered) server while the user is on some other page (i.e. not one on my server). I don't want to interrupt the user's browsing by hijacking their session with my server response.
My initial thought was that I could suppress the HTTP response from Flask somehow; prevent it from sending anything to the client so they aren't mysteriously redirected. I was hoping I could do this by perhaps having a null return from a view.
I then thought that might be some HTTP response that lets the client know the information was successfully submitted, but will leave the client on their current page. Suppose a header value like "Here is the result of your request, but you should not alter your current display"?
To answer your amended question, yes there is such a response. From RFC 2616-section 10 (emphasis added):
10.2.5 204 No Content
The server has fulfilled the request but does not need to return an
entity-body, and might want to return updated metainformation. The
response MAY include new or updated metainformation in the form of
entity-headers, which if present SHOULD be associated with the
requested variant.
If the client is a user agent, it SHOULD NOT change its document view
from that which caused the request to be sent. This response is
primarily intended to allow input for actions to take place without
causing a change to the user agent's active document view, although
any new or updated metainformation SHOULD be applied to the document
currently in the user agent's active view.
The 204 response MUST NOT include a message-body, and thus is always
terminated by the first empty line after the header fields.
Thus from flask you can do something like this. Remember, the response must not include a message body, so any data you want to send back should be put into a cookie.
#app.route('/')
def index():
r = flask.Response()
r.set_cookie("My important cookie", value=some_cool_value)
return r, 204
No, it is not possible. Flask is built on Werkzeug, which implements the WSGI spec. The WSGI cycle requires sending a response to each request. Droping the response would require control over the TCP/IP connection at a far lower level even that HTTP. This is outside the domain of WSGI, therefore outside the domain of Flask.
You could return an error code, or an empty body, but you have to return something.
return '' # empty body
I'm working on an app which uses an API that requires me to make a first Post request to authenticate.
Looking the authenticate response, I've seen that a cookie was created: ApiCredentials=....
So I authenticate:
result = urlfetch.fetch(url = url, method = urlfetch.POST)
api_credential = result.headers['set-cookie']
and then I create a request with that cookie in the header
urlfetch.fetch(url = url, method = urlfetch.GET, headers = {'Cookie': api_credential})
The problem is: in dev everything works perfectly, but when I deploy, it doesn't work. In the logs I can see the cookie that was recieved.
API link: http://www.sptrans.com.br/desenvolvedores/APIOlhoVivo/Documentacao.aspx?1 (portuguese)
The code in the question does not show the cookie name ApiCredentials. It may be that in development, there was only a single cookie and in production there are more, in which case result.headers['set-cookie'] returns multiple values comma separated.
The URL Fetch Response Objects page suggests retrieving multiple headers of the same name in a list by calling result.header_msg.getheaders('set-cookie') instead and then finding ApiCredentials in the resulting list.
It might be safer to say 'Set-Cookie' in case-sensitive environments.
I have two questions. I am new to python and not fluent enough with all the BIF's in python.
I am developing a website database is on amazon simple db.
I am handling all database related queries and code using python scripts.
My first question is given an HTML page where the user gives his his login credentials I call in a python script using my handler javascript function send in a post request and get a response from my python script.
I can send a post request all right and get the values from sdb for validation. What I need to know is how to send in a response from my script back to my html page which could react to the information given.
My second question is how do I maintain an HTTP session using python?
My python code is given below although it shouldn't make for much since no response code is added:
form=cgi.FieldStorage()
organisationID= form['orgID'].value
username= form['username'].value
password= form['password'].value
sdb=sdbhelper.connect()
connection= sdb.get_domain('AdminTable')
itemnames=''
flag=False
for item in connection:
if (item.name==username+'$'+organisationID):
retrieved_item=connection.get_item(item.name)
if(retrieved_item['Password']==password):
flag=True
#Now Id like to respond with flag so that login validation can be done
If I am correctly getting your question what you want to do is to create a small API , Where you send some information to a webpage and get some other .
What you can do is once the user is authenticated you should return it a access key that is valid for a short time period .
One of the way to send data could be inform of JSON objects .
For example if user is authenticated then return
{
'KEY' : 'dklsfeir5rufui435uejhfjh5ewh5rf'
}
From the next request you can associate this short lived key along the url for access .For example send the next request to abc.py?key=dklsfeir5rufui435uejhfjh5ewh5rf (by get or by post ) . If the key is valid then process the request else send a json response saying error occurred .
The main advantage of using JSON is it can be easily decoded/ encoded for communication
(JSON | http://docs.python.org/2/library/json.html )
Secondly as you have generated access key you would not require any session .