1

I'm trying to log into "https://partner.getyourguide.com/en-us/login" using requests module in Python I keep getting the error 'Invalid CSRF token' but the cookie doesn't have a 'Invalid CSRF token'.

I'm expecting a 200 response for successfully login but I get 403

import requests as r
session = r.Session()
re= r.get('https://partner.getyourguide.com/en-us/login')
re.cookies

datad = {'email':'hello@world.com','password':'passowr'}  
response = r.post('https://partner.getyourguide.com/en-us/login', data = datad)
print(response)
Georgy
  • 12,464
  • 7
  • 65
  • 73
Oladimeji Olaolorun
  • 78
  • 4
  • First get to know what's CSRF token is and what it is for. It's standard knowledge if you have to deal with WWW forms https://stackoverflow.com/questions/5207160/what-is-a-csrf-token-what-is-its-importance-and-how-does-it-work – asikorski Sep 09 '19 at 14:27

1 Answers1

1

it looks like the CSRF (Cross-Site Request Forgery) token is hidden in the page. Do a "view source" on the page and search for "csrf".

In order to have any chance of this working, you'll need to parse the page and then submit that CSRF token as another entry in datad. You may run into other issues, as I'm betting that form submission is handled through JavaScript.

Chris Curvey
  • 9,738
  • 10
  • 48
  • 70