CSRF验证失败。 使用cURL时
[英]CSRF verification failed. when using cURL
问题描述
i'm trying to get content of markafoni.com by curl. 
我正在尝试通过curl获取markafoni.com的内容。
class curl
{
private $ch;
function __construct()
{
$this->ch = curl_init();
curl_setopt($this->ch,CURLOPT_CAINFO,dirname(__FILE__)."/cacert.pem");
curl_setopt($this->ch,CURLOPT_USERAGENT,'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/32.0.1700.107 Chrome/32.0.1700.107 Safari/537.36');
curl_setopt($this->ch,CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($this->ch,CURLOPT_SSL_VERIFYHOST, false);
//curl_setopt($this->ch,CURLOPT_AUTOREFERER, true);//
//curl_setopt($this->ch,CURLOPT_REFERER, 'https://www.markafoni.com/');//
//curl_setopt($this->ch,CURLOPT_FAILONERROR, false);//
curl_setopt($this->ch,CURLOPT_FOLLOWLOCATION, 1);
curl_setopt($this->ch,CURLOPT_RETURNTRANSFER,1);
curl_setopt($this->ch,CURLOPT_VERBOSE,1);
//curl_setopt($this->ch,CURLOPT_HEADER,1);
//curl_setopt($this->ch,CURLOPT_HTTPHEADER,$header);
curl_setopt($this->ch,CURLOPT_COOKIESESSION, true);
curl_setopt($this->ch,CURLOPT_COOKIEJAR, dirname(__FILE__)."/cookie.txt");
curl_setopt($this->ch,CURLOPT_COOKIEFILE, dirname(__FILE__)."/cookie.txt");
}
function run($url,$post=array())
{
$postField = '';
foreach($post as $k=>$v) $postField .= $k.'='.$v.'&';
curl_setopt($this->ch,CURLOPT_URL,$url);
if(count($post)){
curl_setopt($this->ch,CURLOPT_POST,count($post));
curl_setopt($this->ch,CURLOPT_POSTFIELDS,$postField);
}else{
curl_setopt($this->ch,CURLOPT_POST,0);
curl_setopt($this->ch,CURLOPT_POSTFIELDS,'');
}
return curl_exec($this->ch);
}
}
but I get this error: 但是我得到这个错误:
Forbidden (403)
CSRF verification failed. Request aborted.
You are seeing this message because this HTTPS site requires a 'Referer header' to be sent by your Web browser, but none was sent. This header is required for security reasons, to ensure that your browser is not being hijacked by third parties.
If you have configured your browser to disable 'Referer' headers, please re-enable them, at least for this site, or for HTTPS connections, or for 'same-origin' requests
any idea? 任何想法?
edit: 编辑:
and when I enable this line: 当我启用此行时:
curl_setopt($this->ch,CURLOPT_REFERER,'https://www.markafoni.com/');
I get another error: 我收到另一个错误:
Forbidden (403)
CSRF verification failed. Request aborted.
1 个解决方案
解决方案1
2 已采纳 2014-05-29 12:07:07
A browser will always make a get request to a page (to show the form) before making the post. 在发布帖子之前,浏览器将始终对页面进行get请求(以显示表单)。
Consider the following response headers from a get request made from chrome: 考虑来自chrome的get请求的以下响应标头:
HTTP/1.1 200 OK
Server: nginx
Date: Thu, 29 May 2014 11:57:01 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Vary: Cookie
CACHE: True
Set-Cookie: csrftoken=5F3ttzJcnWdLkL7sPDekggxgjDJTKAmz; expires=Thu, 28-May-2015 11:57:01 GMT; Max-Age=31449600; Path=/
Set-Cookie: _auth=0; Domain=.markafoni.com; Path=/
Set-Cookie: ladsrv=; Domain=.markafoni.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; Path=/
X-BackendID: caramel
X-Forwarded-Proto: http
Content-Encoding: gzip
P3P: CP="CAO DSP COR LAW CURa ADMa DEVa PSAa PSDa OUR DELa BUS IND PHY ONL UNI PUR COM NAV INT STA",policyref="/w3c/p3p.xml"
Notice the cookies set, specifically this one: csrftoken=... . 注意设置的cookie,特别是以下cookie: csrftoken=...
In order to make post requests to this site, you will need to make a get request 1st, save the cookies, then make the post request with the same cookies. 为了向该站点发出发布请求,您需要首先发出一个get请求,保存cookie,然后使用相同的cookie进行发布请求。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.