
Let's say I'm making a curl call to my backend like this:

curl -v http://dev.testapi.com/login -H 'User-Agent: Android'

The response is:

*  issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert SHA2 Extended Validation Server CA
*  SSL certificate verify ok.
* TLSv1.3 (OUT), TLS app data, [no content] (0):
> GET /login HTTP/1.1
> Host: dev.testapi.com
> Accept: */*
> User-Agent: Android
>
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, [no content] (0):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS app data, [no content] (0):
< HTTP/1.1 200 OK
< X-XSRF-TOKEN: ebd847nb-1922-3f17-8mad-209873
< Expires: 0
< X-XSS-Protection: 1; mode=block
< X-CSRF-HEADER: X-XSRF-TOKEN
< Set-Cookie: JSESSIONID=pTgM0I9NHfX8hkaYSAVMkx5syej6jcOI46FWKDmRF5Mey5V5wc1eBD5HX5yo.ZmQfZG9tYWluL2NnbvRhW5lFF9=; Path=/; HttpOnly
< Cache-Control: no-cache, no-store, max-age=0, must-revalidate
< Pragma: no-cache
< X-Content-Type-Options: nosniff
< X-Frame-Options: DENY
< Strict-Transport-Security: max-age=31536000 ; includeSubDomains
< Date: Wed, 12 Aug 2020 02:25:33 GMT
< X-CSRF-PARAM: _csrf
< Content-Type: application/json;charset=UTF-8
< Transfer-Encoding: chunked
<
* TLSv1.3 (IN), TLS app data, [no content] (0):
* Connection #0 to host dev.testapi.com left intact
{"success":true,"message":null,"jres":null,"redirectUrl":"","trscDt":null,"trscTm":null}

At the bottom, you can see a JSON object indicating that the response is a success. You can also see the values of X-XSRF-TOKEN and Set-Cookie, which are ebd847nb-1922-3f17-8mad-209873 and JSESSIONID=pTgM0I9NHfX8hkaYSAVMkx5syej6jcOI46FWKDmRF5Mey5V5wc1eBD5HX5yo.ZmQfZG9tYWluL2NnbvRhW5lFF9=; Path=/; HttpOnly.

I'm trying to do the same thing with PHP:

<?php

$cookie= "C:\\xampp\\htdocs\\testapp\\cookie.txt";
$fff = fopen('C:\\xampp\\htdocs\\testapp\\request.txt', 'w');

$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://dev.testapi.com/login");
curl_setopt($ch, CURLOPT_USERAGENT, "Android");
curl_setopt($ch, CURLINFO_HEADER_OUT, true);
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookie);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookie);
curl_setopt($ch,CURLOPT_VERBOSE,true);
curl_setopt($ch,CURLOPT_STDERR ,$fff);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);

$out = curl_exec($ch);
//$information = curl_getinfo($ch);
//echo $out;
//var_dump($information);
echo $out;
?>

How do you retrieve the value of X-XSRF-TOKEN? I know the Set-Cookie value is stored in cookie.txt, though.

anta40
  • What comes in `$information = curl_getinfo($ch);` ? – nice_dev Aug 12 '20 at 09:02
  • @vivek_23 Please have a look: https://gist.github.com/anta40/7777de6d7b56aa3da1073bac7553937a – anta40 Aug 12 '20 at 09:09
  • See here to get response headers https://stackoverflow.com/a/41135574/4964822 – nice_dev Aug 12 '20 at 09:19
  • So you don’t _actually_ want the verbose output here, but really you are interested in getting access to those headers, right? User comment https://www.php.net/manual/en/function.curl-setopt.php#118586 indicates that both CURLINFO_HEADER_OUT and CURLOPT_VERBOSE together don’t work. – CBroe Aug 12 '20 at 09:19

0 Answers
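
One way to read the `X-XSRF-TOKEN` response header from PHP, as an added example that is not part of the original thread: it collects headers with `CURLOPT_HEADERFUNCTION` instead of parsing the verbose log. `make_header_collector` and `fetch_with_headers` are hypothetical helper names, and the sample header lines are constructed from the response shown in the question.

```php
<?php
// Added example (not from the original thread): collect response headers
// through CURLOPT_HEADERFUNCTION, keyed by lower-cased header name.

/** Hypothetical helper: returns a CURLOPT_HEADERFUNCTION callback that fills $headers. */
function make_header_collector(array &$headers): callable
{
    return function ($ch, string $line) use (&$headers): int {
        if (strncasecmp($line, 'HTTP/', 5) === 0) {
            $headers = [];   // new status line (redirect, 100 Continue): start over
        } elseif (count($parts = explode(':', $line, 2)) === 2) {
            // Header names are case-insensitive and may repeat (e.g. Set-Cookie).
            $headers[strtolower(trim($parts[0]))][] = trim($parts[1]);
        }
        return strlen($line);    // curl aborts the transfer on any other return value
    };
}

/** Hypothetical helper: performs the GET and returns [body, headers]. */
function fetch_with_headers(string $url, string $cookieFile): array
{
    $headers = [];
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_USERAGENT      => 'Android',
        CURLOPT_COOKIEJAR      => $cookieFile,
        CURLOPT_COOKIEFILE     => $cookieFile,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_HEADERFUNCTION => make_header_collector($headers),
    ]);
    $body = curl_exec($ch);
    if ($body === false) {
        throw new RuntimeException('curl error: ' . curl_error($ch));
    }
    return [$body, $headers];
}

// Offline check with header lines constructed from the response in the question.
$demo = [];
$collect = make_header_collector($demo);
foreach ([
    "HTTP/1.1 200 OK\r\n",
    "X-XSRF-TOKEN: ebd847nb-1922-3f17-8mad-209873\r\n",
    "X-CSRF-HEADER: X-XSRF-TOKEN\r\n",
    "\r\n",
] as $line) {
    $collect(null, $line);
}
echo $demo['x-xsrf-token'][0] ?? 'header not present', PHP_EOL;
// Live use: [$body, $headers] = fetch_with_headers('https://dev.testapi.com/login', $cookie);
```

The token and the `JSESSIONID` cookie are session credentials, so `cookie.txt` and any verbose log belong outside the web root (`htdocs`), and the verbose log is not needed once the headers are read this way.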