Cross-Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated. CSRF attacks specifically target state-changing requests, not theft of data, since the attacker has no way to see the response to the forged request. With a little help of social engineering (such as sending a link via email or chat), an attacker may trick the users of a web application into executing actions of the attacker's choosing. If the victim is a normal user, a successful CSRF attack can force the user to perform state changing requests like transferring funds, changing their email address, and so forth. If the victim is an administrative account, CSRF can compromise the entire web application.
So when you use Selenium's ActionChains implementation as:
ActionChains(driver).move_to_element(menu).click(hidden_submenu).perform()
Presumably you are accessing some other webpage where a session gets established and a lot of other session attributes are authenticated. In the next step you are using Selenium's ActionChains implementation to invoke click() on a WebElement which takes you to the new webpage https://example.com.
But in your alternative approach you are trying to navigate directly to the webpage https://example.com where the required session attributes are not present. Hence the session in this case doesn't get established and you see the warning:
Warning: cross-site request forgery control is enabled
Solution
The easier solution will be to follow the actual flow, i.e. accessing the initial webpage where the session will get established and the required session attributes are authenticated. In the next step you can use Selenium's ActionChains implementation to invoke click() on the desired WebElement which takes you to the new webpage https://example.com.
Alternative
As an alternative, you can create a Chrome Profile and use the designated Chrome Profile to store the SessionAttributes and reuse them as per your requirement.
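The following is an added example, not part of the original answer: a small in-memory model of why direct navigation triggers the warning while the click flow does not. It assumes the site binds a CSRF token to the session created on the initial page; the paths, cookie name `sid` and function names are hypothetical.

```python
import hmac
import secrets

# Hypothetical in-memory application: names, paths and the token scheme are
# assumptions for illustration, not the behaviour of any specific site.
SESSIONS = {}  # session id -> CSRF token bound to that session
WARNING = "Warning: cross-site request forgery control is enabled"


def landing_page(cookies):
    """Initial page: establishes a session and embeds a CSRF token in its links."""
    sid = cookies.get("sid")
    if sid not in SESSIONS:
        sid = secrets.token_urlsafe(16)
        SESSIONS[sid] = secrets.token_urlsafe(32)
        cookies["sid"] = sid  # models Set-Cookie being stored by the browser
    return {"status": 200, "submenu_link": {"path": "/target", "csrf": SESSIONS[sid]}}


def target_page(cookies, params):
    """Protected page: requires a known session and the token bound to it."""
    expected = SESSIONS.get(cookies.get("sid"))
    supplied = params.get("csrf", "")
    if expected is None or not hmac.compare_digest(expected, supplied):
        return {"status": 403, "body": WARNING}
    return {"status": 200, "body": "target content"}


def direct_navigation():
    """Fresh browser opens the target URL directly: no cookie, no token."""
    return target_page(cookies={}, params={})


def follow_flow():
    """Browser loads the landing page first, then clicks the submenu link."""
    cookies = {}
    link = landing_page(cookies)["submenu_link"]
    return target_page(cookies, {"csrf": link["csrf"]})


def token_from_other_session():
    """Valid session cookie, but the token was issued to a different session."""
    cookies, other = {}, {}
    landing_page(cookies)
    foreign = landing_page(other)["submenu_link"]["csrf"]
    return target_page(cookies, {"csrf": foreign})


if __name__ == "__main__":
    for case in (direct_navigation, follow_flow, token_from_other_session):
        print(case.__name__, case())
```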