cannot post data from curl

arief nur andono

Jun 11, 2011, 7:44:18 AM
to Tornado Web Server
Hi, I'm trying to post data from curl but I got errors

curl http://localhost:8888/composebot -d 'title=botsenddata11jan&markdown=hodfhjsldjfds'

<html><title>403: Forbidden</title><body>403: Forbidden</body></html>

in server
[W 110611 18:38:41 web:892] 403 POST /composebot (127.0.0.1): '_xsrf' argument missing from POST

so, how do I get the unpredictable _xsrf value from curl or pycurl without any
page interface??

or
Can I filter some post with xsrf protection and another without _xsrf
protection??

or
Can I verify my only bot to post data??

regards

arief nur andono

Jun 11, 2011, 11:11:39 AM
to Tornado Web Server
I tried using pycurl but it still fails

import pycurl
import StringIO
#import os
#import re

UserAgent = 'Mozilla/5.0 (compatible: MSIE 6.0)'
buffer = StringIO.StringIO()
conn=pycurl.Curl()
conn.setopt(pycurl.URL, 'http://localhost:8888')
conn.setopt(pycurl.COOKIEFILE,'cookies.txt')
conn.setopt(pycurl.COOKIEJAR,'cookies.txt')
conn.setopt(pycurl.FOLLOWLOCATION, 1)
conn.setopt(pycurl.HTTPHEADER, ["Accept:"])
conn.setopt(pycurl.HTTPGET, 1)
conn.setopt(pycurl.USERAGENT,UserAgent)
conn.setopt(pycurl.VERBOSE,1)
conn.setopt(pycurl.REFERER, "http://localhost:8888")
conn.setopt(pycurl.WRITEFUNCTION,buffer.write)
conn.perform()
a = conn.getinfo(pycurl.INFO_COOKIELIST)
print a
content = buffer.getvalue()
buffer.close()

I still cannot get _xsrf cookie

Ben Darnell

Jun 11, 2011, 3:13:43 PM
to python-...@googlegroups.com
See http://www.tornadoweb.org/documentation#cross-site-request-forgery-protection for more information about how this works and why it is required.  You'll have to make two requests:  one to get the current token (you can make a new handler that just returns self.xsrf_token), and then use it in a second request.  

Actually, now that I think about it you don't even need that.  You can just use whatever string you want as the xsrf token, as long as you pass it both as a cookie and as an argument or header.

If this is an API endpoint not intended for browser access, you may want to override check_xsrf_cookie.  If your authentication is not cookie-based, you can disable xsrf protection entirely.

-Ben
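
The double-submit comparison described in the reply above, as an added example that is not part of the original thread and is not Tornado's own code. It models only the cookie-versus-argument (or X-XSRFToken header) comparison; the function name, sample requests and token values are constructed for illustration.

```python
import hmac
from http.cookies import SimpleCookie
from urllib.parse import parse_qs


def check_double_submit(headers, body=""):
    """Simplified double-submit check; returns (status, reason)."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    cookies = SimpleCookie()
    cookies.load(h.get("cookie", ""))
    cookie_token = cookies["_xsrf"].value if "_xsrf" in cookies else None

    # The submitted copy may arrive as a form argument or as a header.
    form = parse_qs(body, keep_blank_values=True)
    sent_token = form.get("_xsrf", [""])[0] or h.get("x-xsrftoken", "")

    if not sent_token:
        return 403, "'_xsrf' argument missing from POST"
    if not cookie_token:
        return 403, "_xsrf cookie missing"
    # Constant-time comparison of the two copies.
    if not hmac.compare_digest(cookie_token.encode(), sent_token.encode()):
        return 403, "XSRF cookie does not match POST argument"
    return 200, "OK"


TOKEN = "0123456789abcdef0123456789abcdef"  # constructed, chosen by the client
FORM = "title=a&markdown=b"                  # constructed form body
SAMPLES = {
    # The first curl call in the thread: no token anywhere.
    "no_token": ({}, FORM),
    # Same value as cookie and as form argument.
    "cookie_and_argument": ({"Cookie": "_xsrf=" + TOKEN}, FORM + "&_xsrf=" + TOKEN),
    # Same value as cookie and as header.
    "cookie_and_header": ({"Cookie": "_xsrf=" + TOKEN, "X-XSRFToken": TOKEN}, FORM),
    # What a form on another origin produces: the browser attaches the real
    # cookie, but that page cannot read it, so its argument cannot match.
    "cross_site_guess": ({"Cookie": "_xsrf=" + TOKEN}, FORM + "&_xsrf=" + "f" * 32),
}


def run_samples():
    return {name: check_double_submit(*req) for name, req in SAMPLES.items()}


if __name__ == "__main__":
    for name, result in run_samples().items():
        print(name, result)
```

The check depends on the two copies agreeing, not on the value being secret from the client that sends it, which is why a non-browser client can pick its own token.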

arief nur andono

Jun 13, 2011, 12:05:29 PM
to Tornado Web Server
I've tried your first suggestion

but I have a problem parsing the HTML using pyquery

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><head></head><body><div id="body"><div id="content">
<form action="/composebot" method="post" class="compose">
<input name="title" type="text" class="title" value=""/>
<textarea name="markdown" rows="30" cols="40" class="markdown"></textarea>
<input type="submit" value="Publish post" class="submit"/>
<input type="hidden" name="_xsrf" value="4436f8b0486d491c8b2e6643dc540da2"/>
</form></div></div></body></html>

I still cannot get the value of xsrf, even though I have used
from pyquery import PyQuery as pq
d = pq(var_text)
d('input[name="_xsrf"]').val()

but I don't know why it's not working..any idea?

and
I am interested in your second suggestion,
how to make it work? I still don't get it

regards



arief nur andono

Jun 14, 2011, 5:45:01 PM
to Tornado Web Server
wow you're right...I just need to use the same _xsrf post and cookies
value and it works like magic
this is the post code

#!/usr/bin/python

import pycurl
import StringIO

UserAgent = 'Mozilla/5.0 (compatible: MSIE 6.0)'
buffer = StringIO.StringIO()
conn=pycurl.Curl()
conn.setopt(pycurl.URL,'http://localhost:8888/composebot')
conn.setopt(pycurl.COOKIEFILE,'cookies.txt')
conn.setopt(pycurl.COOKIEJAR,'cookies.txt')
conn.setopt(pycurl.POSTFIELDS,
"title=botsenddata15juni2011&markdown=yattaididit&_xsrf=c1902f4e36cf4485952a5a17149b0e6d")
conn.setopt(pycurl.FOLLOWLOCATION, 1)
conn.setopt(pycurl.HTTPHEADER, ["Accept:"])
conn.setopt(pycurl.USERAGENT,UserAgent)
conn.setopt(pycurl.POST,1)
conn.setopt(pycurl.VERBOSE,1)
conn.setopt(pycurl.REFERER, "http://localhost:8888/compose")
conn.setopt(pycurl.WRITEFUNCTION,buffer.write)
conn.perform()

buffer.close()

and this is cookies file

# Netscape HTTP Cookie File
# http://curl.haxx.se/rfc/cookie_spec.html
# This file was generated by libcurl! Edit at your own risk.

localhost FALSE / FALSE 0 _xsrf c1902f4e36cf4485952a5a17149b0e6d

thanks a lot