Python Post Request Help

Chiroyce

Keep in mind that I already have a valid sessionID

URL = 'https://scratch.mit.edu/site-api/comments/user/Chiroyce/add/'
text = input("Enter Comment")
biscuit = {'scratchsessionsid': sessionId+';'}
data = {"content":text,"parent_id":"","commentee_id":""}
x = requests.post(URL, data=text, cookies=biscuit)
sys.exit(x)

and sadly I get

 <Response [403]>

Then I added

origin='https://scratch.mit.edu'

URL = 'https://scratch.mit.edu/site-api/comments/user/Chiroyce/add/'
text = input("Enter Comment")
biscuit = {'scratchsessionsid': sessionId+';'}
data = {"content":text,"parent_id":"","commentee_id":""}
x = requests.post(URL, data=text, cookies=biscuit, origin='https://scratch.mit.edu')
sys.exit(x)

and then i get an error

  
File "C:\Users\_____\AppData\Local\Programs\Python\Python37-32\lib\site-packages\requests\api.py", line 61, in request
    return session.request(method=method, url=url, **kwargs)
TypeError: request() got an unexpected keyword argument 'origin'

Last edited by Chiroyce (April 26, 2021 11:09:30)

Maximouse

The session ID should not end with “;”, but I think it should be in quotes.

For origin, use the “headers” parameter:

x = requests.post(URL, data=text, cookies=biscuit, headers={'Origin': 'https://scratch.mit.edu'})

Chiroyce

No luck, I still get

 
URL = 'https://scratch.mit.edu/site-api/comments/user/Chiroyce/add/'
text = input("Enter Comment")
biscuit = {'scratchsessionsid': 'sessionId'}
data = {"content":text,"parent_id":"","commentee_id":""}
x = requests.post(URL, data=text, cookies=biscuit, headers={'Origin': 'https://scratch.mit.edu'})
sys.exit(x)

I also tried this

 
URL = 'https://scratch.mit.edu/site-api/comments/user/Chiroyce/add/'
text = input("Enter Comment")
biscuit = {'scratchsessionsid': sessionId}  # no quotes
data = {"content":text,"parent_id":"","commentee_id":""}
x = requests.post(URL, data=text, cookies=biscuit, headers={'Origin': 'https://scratch.mit.edu'})
sys.exit(x)

Maximouse

Chiroyce wrote:

No luck, I still get

 
URL = 'https://scratch.mit.edu/site-api/comments/user/Chiroyce/add/'
text = input("Enter Comment")
biscuit = {'scratchsessionsid': 'sessionId'}
data = {"content":text,"parent_id":"","commentee_id":""}
x = requests.post(URL, data=text, cookies=biscuit, headers={'Origin': 'https://scratch.mit.edu'})
sys.exit(x)

I also tried this

 
URL = 'https://scratch.mit.edu/site-api/comments/user/Chiroyce/add/'
text = input("Enter Comment")
biscuit = {'scratchsessionsid': sessionId}  # no quotes
data = {"content":text,"parent_id":"","commentee_id":""}
x = requests.post(URL, data=text, cookies=biscuit, headers={'Origin': 'https://scratch.mit.edu'})
sys.exit(x)

I think it should be

biscuit = {'scratchsessionsid': f'"{sessionId}"'}

Chiroyce

Maximouse wrote:
I think it should be
biscuit = {'scratchsessionsid': f'"{sessionId}"'}

No luck, I get a 403 – again

ninjaMAR

I think you need to add the csrf token

Chiroyce

ninjaMAR wrote:
I think you need to add the csrf token

how do i get the CSRF token now ? and where should I add it?

Maximouse

Chiroyce wrote:
ninjaMAR wrote:
I think you need to add the csrf token
how do i get the CSRF token now ? and where should I add it?

Send a scratchcsrftoken cookie with any value and an X-CSRFToken header with the same value.

mybearworld

Are you allowed to set the “Origin” in headers?

9gr

1. go into console
2. get the document.cookie value
3. copy it
4. paste it as your cookie value
5. headers as:

{
  "X-CSRFToken": "a", """replace a with your csrftoken """
  "X-Requested-With": "XMLHttpRequest",
  "origin": "https://scratch.mit.edu/users/Chiroyce"
}

should work i think

Last edited by 9gr (April 28, 2021 17:43:53)

Maximouse

mybearworld wrote:
Are you allowed to set the “Origin” in headers?

This is not in a browser, so yes.

Discuss Scratch