
403 forbidden and CSRF verification failed. Request aborted. python requests

import requests
import json
headers={'User-Agent':'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.87 Safari/537.36'}
post_data={"q":"","filters":{"sizes":["Large","MNE"],"sectors":[18],"countries":[228],"regions":["Northern America"],"years":[2015],"types":[]},"page":1}


with requests.Session() as s:
    for_cookies=s.get('http://database.globalreporting.org/search')
    # print(for_cookies.content)
    p = s.post('http://database.globalreporting.org/search/ajax/',data=json.dumps(post_data), headers=headers)
    print(p.content)

My Chrome can visit the website but my code cannot. How can I make my code able to visit the website?

I have included the CSRF token and tried to call it. But I think the Django website must have used,

if not request.is_ajax():
    return HttpResponse('Only ajax request')

Because I tried the code,

import requests

with requests.Session() as client:
    for_cookies=client.get('http://database.globalreporting.org/search')
    csrf = client.cookies['csrftoken']
    print(csrf)
    # The token goes in the form body only; no X-Requested-With header is sent
    post_data={"csrfmiddlewaretoken": csrf, "q":"","filters":{"sizes":["Large","MNE"],"sectors":[18],"countries":[228],"regions":["Northern America"],"years":[2015],"types":[]},"page":1}
    r = client.post('http://database.globalreporting.org/search/ajax/', data=post_data, headers=dict(Referer='http://database.globalreporting.org/search'))
    print(r.text)

The response I get is

YrZa9IIoFJZyXqeRXZnZ57s3vaoCUCul
Only ajax request

In general you have to use a CSRF token in these cases. But we can configure whether to use AJAX only.

Hope my answer helps you.

You need to add the CSRF token value to your headers:

import json
import requests

# post_data is the dict defined in the question
with requests.Session() as s:
    for_cookies = s.get('http://database.globalreporting.org/search')

    # Echo the cookie's token back as a header; the split assumes csrftoken is the first cookie set
    headers = {
        'X-CSRFToken': for_cookies.headers['Set-Cookie'].split('=')[1].split(';')[0],
        'Referer': 'http://database.globalreporting.org/search/',
        'X-Requested-With': 'XMLHttpRequest',
    }

    p = s.post('http://database.globalreporting.org/search/ajax/', data=json.dumps(post_data), headers=headers)
    print(p.content)

Try this code and let me know in case of any issues.
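An added example, not code from the question or either answer: a throwaway local server reproduces the three responses seen on this page (the 403, "Only ajax request", and a normal reply) so the effect of each header can be checked offline. The handler is a simplified stand-in for the site's CSRF and AJAX checks, which is an assumption; `TOKEN`, `Handler` and `attempt` are hypothetical names.

```python
import threading, urllib.error, urllib.request
from http.cookies import SimpleCookie
from http.server import BaseHTTPRequestHandler, HTTPServer

TOKEN = "constructed-token-123"  # constructed sample value, not a real token

class Handler(BaseHTTPRequestHandler):
    """Simplified stand-in for the two server-side checks (an assumption)."""
    def _send(self, status, body, cookie=None):
        self.send_response(status)
        if cookie:
            self.send_header("Set-Cookie", "csrftoken=%s; Path=/" % cookie)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def do_GET(self):  # the search page hands out the CSRF cookie
        self._send(200, b"search page", cookie=TOKEN)

    def do_POST(self):
        self.rfile.read(int(self.headers.get("Content-Length", 0)))
        jar = SimpleCookie(self.headers.get("Cookie", ""))
        sent = self.headers.get("X-CSRFToken")
        # Check 1: the header must repeat the token held in the cookie
        if "csrftoken" not in jar or sent != jar["csrftoken"].value:
            return self._send(403, b"CSRF verification failed. Request aborted.")
        # Check 2: the view only answers requests marked as AJAX
        if self.headers.get("X-Requested-With") != "XMLHttpRequest":
            return self._send(200, b"Only ajax request")
        self._send(200, b'{"results": []}')

    def log_message(self, *args):  # silence per-request logging
        pass

def attempt(send_token, send_ajax):
    """GET the cookie, then POST with the chosen headers; return (status, body)."""
    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = "http://127.0.0.1:%d" % server.server_port
    try:
        page = urllib.request.urlopen(base + "/search")
        # Parse the cookie by name rather than by position in the header
        token = SimpleCookie(page.headers["Set-Cookie"])["csrftoken"].value
        headers = {"Cookie": "csrftoken=" + token}
        if send_token:
            headers["X-CSRFToken"] = token
        if send_ajax:
            headers["X-Requested-With"] = "XMLHttpRequest"
        req = urllib.request.Request(base + "/search/ajax/", b'{"page": 1}', headers)
        try:
            with urllib.request.urlopen(req) as resp:
                return resp.status, resp.read().decode()
        except urllib.error.HTTPError as err:
            return err.code, err.read().decode()
    finally:
        server.shutdown()
        server.server_close()
```

`attempt(False, False)` corresponds to the question's request, `attempt(True, False)` to a request that carries the token but no `X-Requested-With` header, and `attempt(True, True)` to the header set in the last answer.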
