How is this site forming the headers on a POST request?

Question

I am trying to learn how the headers are being constructed when a zipcode is entered by the user and a "POST" command is issued (by clicking on the "Shop Now" button) from the following website:

I believe the interesting part of this "POST" request is how the site is forming the following headers but I can't figure out how it is doing it (my suspicion is that there is some JavaScript/Angular code that is responsible):

x-ccwfdfx7-a
x-ccwfdfx7-b
x-ccwfdfx7-c
x-ccwfdfx7-d
x-ccwfdfx7-f
x-ccwfdfx7-z

So I have tried to use the requests module to login as guest to learn more about how this flow works:

with requests.Session()
with cloudscraper.create_scraper()

So far all my attempts have FAILED. Here is my code:

import requests  
from requests_toolbelt.utils import dump   #pip install requests_toolbelt
import cloudscraper   #pip install cloudscraper

#with requests.Session() as session:
with cloudscraper.create_scraper(
        browser={
            'custom': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Safari/537.36'
        }
    ) as session:

        CITY = XXXXX
        ZIPCODE = XXXXX

        #get cookies
        url = 'http://www.peapod.com'
        res1 = session.get(url)
        session.headers['Referer'] = 'https://www.peapod.com/'

        #get more cookies
        url = 'http://www.peapod.com/login'
        res2 = session.get(url)

        #get more cookies
        url = 'https://www.peapod.com/ppd/bundles/js/ppdBundle.js'
        res3 = session.get(url)

        #get all the service locations
        response = session.get('https://www.peapod.com/api/v4.0/serviceLocations',
            params={
                'customerType': 'C',
                'zip': ZIPCODE
            }
        )

        try:
            loc_id = list(
                filter(
                    lambda x: x.get('location', {}).get('city') == CITY, response.json()['response']['locations']
                )
            )[0]['location']['id']
        except IndexError:
            raise ValueError("Can't find City '{}' -> Zip {}".format(CITY, ZIPCODE))

        #login as guest
        response = session.post('https://www.peapod.com/api/v4.0/user/guest',
            json={
                'customerType': 'C',
                'cities': None,
                'email': None,
                'serviceLocationId': loc_id,
                'zip': ZIPCODE
            },
            params={
                'serviceLocationId': loc_id,
                'zip': ZIPCODE
            }
        )

This seems to produce some sort of an error message saying "I'm blocked" which I believe is due to the fact that I can't figure out how the browser constructs the ccwfdfx7headers in the "POST" request (my suspicion is that there is some JavaScript/Angular code that is responsible for constructing these headers but I can't find it and hoping someone could help...)

On the same computer, Chrome browser is able to login just fine

you can try setting browser-like user agent (not sure how legal it is). — narendra-choudhary, Apr 17 '20 at 14:53
I tried that... Didn't help. Forgot to include that in the post above. — Denis, Apr 17 '20 at 14:54
Hmm. I see the edit now. [Here](https://stackoverflow.com/questions/49087990/python-request-being-blocked-by-cloudflare) is a similar question. — narendra-choudhary, Apr 17 '20 at 14:56
Guess: CloudFlare is somehow able to determine the request is not coming from a real browser. So, maybe using a browser with Python API should fix this. can checkout Robobrowser. — narendra-choudhary, Apr 17 '20 at 15:01
would like to stick with experimenting with requests as the browser route doesn't teach anything — Denis, Apr 24 '20 at 13:17

How is this site forming the headers on a POST request?

0 Answers0