0

I'm trying to send a header with a requests.get:

import requests


url = 'http://qp-nachorat2000:8018/icws/' + sessionID + '/status/user-statuses/Administrator' 
header = {'ININ-ICWS-CSRF-Token': csrfToken} 
pcRequest = requests.get(url, headers=header)

This results in a 400 response:

{u'errorCode': 2, 
 u'message': u'A session CSRF token is needed for this request, but none was provided.', 
 u'errorId': u'error.request.accessDenied.csrfToken.missing'}

The same GET works perfectly fine in Postman:

asdfd

What am I missing? Any help would be appreciated.

Martin Gergov
  • 1,556
  • 4
  • 20
  • 29
R S Gill
  • 9
  • 2
  • are you sure `csrfToken` has a value at that point in the code? – Tyler Sebastian Apr 06 '16 at 23:58
  • You might need to use a [`requests.session` object](http://docs.python-requests.org/en/latest/user/advanced/#session-objects) so that your `csrfToken` persists across your requests – dagrha Apr 07 '16 at 17:39
  • The way you are sending the CSRF token with requests seems correct. If the token were invalid you would get a different error message (hopefully). So maybe the header key name `ININ-ICWS-CSRF-Token` isn't correct since the error tells you is missing? Is there any client that can make a successful request to this server so you can inspect the network traffic with your browser? Do you have access to the source of the server web app? – fips Apr 09 '16 at 23:59
  • 1
    Thanks for all your replies. Turns out I was missing a cookie. I ended up using a session to get the cookie. Once I had the cookie, the post (modified to include the cookie) worked. – R S Gill Apr 11 '16 at 01:03

1 Answers1

0

This question is really old, but here's your answer for anyone looking.

When you make your original connection like this:

r = requests.post(url, json=jsonData, headers=header, verify=False)
print(r.status_code)
j = json.loads(r.text)

you will need to pass data from that json data that is returned into the header of the get request:

   header = {
            "Accept-Language": "en-us",
            'Token': j['Token'],
            'Content-Type': 'application/json',
            'Cookie': cookievalue,
            }

Essentially just take the json data that is returned from the original connection attempt, and using the ['Token'] key, pass that as the token in the header of the GET.

ky922
  • 51
  • 7