Pooya

Reputation: 1558

CSRF verification failed when using cURL

I'm trying to get the content of markafoni.com with cURL.

class curl
{
    private $ch;
    function __construct()
    {
        $this->ch = curl_init();
        curl_setopt($this->ch,CURLOPT_CAINFO,dirname(__FILE__)."/cacert.pem");
        curl_setopt($this->ch,CURLOPT_USERAGENT,'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/32.0.1700.107 Chrome/32.0.1700.107 Safari/537.36');
        curl_setopt($this->ch,CURLOPT_SSL_VERIFYPEER, true);
        // 2 checks that the certificate matches the host name; false turns that check off
        curl_setopt($this->ch,CURLOPT_SSL_VERIFYHOST, 2);
        //curl_setopt($this->ch,CURLOPT_AUTOREFERER, true);//
        //curl_setopt($this->ch,CURLOPT_REFERER, 'https://www.markafoni.com/');//
        //curl_setopt($this->ch,CURLOPT_FAILONERROR, false);//
        curl_setopt($this->ch,CURLOPT_FOLLOWLOCATION, 1);
        curl_setopt($this->ch,CURLOPT_RETURNTRANSFER,1);
        curl_setopt($this->ch,CURLOPT_VERBOSE,1);
        //curl_setopt($this->ch,CURLOPT_HEADER,1);
        //curl_setopt($this->ch,CURLOPT_HTTPHEADER,$header);
        curl_setopt($this->ch,CURLOPT_COOKIESESSION, true);
        curl_setopt($this->ch,CURLOPT_COOKIEJAR, dirname(__FILE__)."/cookie.txt");
        curl_setopt($this->ch,CURLOPT_COOKIEFILE, dirname(__FILE__)."/cookie.txt");
    }

    function run($url,$post=array())
    {
        curl_setopt($this->ch,CURLOPT_URL,$url);
        if(count($post)){
            // http_build_query() URL-encodes every key and value
            curl_setopt($this->ch,CURLOPT_POST,true);
            curl_setopt($this->ch,CURLOPT_POSTFIELDS,http_build_query($post));
        }else{
            curl_setopt($this->ch,CURLOPT_POST,0);
            curl_setopt($this->ch,CURLOPT_POSTFIELDS,'');
        }
        return curl_exec($this->ch);
    }
}

But I get this error:

Forbidden (403)

CSRF verification failed. Request aborted.

You are seeing this message because this HTTPS site requires a 'Referer header' to be sent by your Web browser, but none was sent. This header is required for security reasons, to ensure that your browser is not being hijacked by third parties.

If you have configured your browser to disable 'Referer' headers, please re-enable them, at least for this site, or for HTTPS connections, or for 'same-origin' requests

Any idea?

Edit:

When I enable this line:

curl_setopt($this->ch,CURLOPT_REFERER,'https://www.markafoni.com/');

I get another error:

Forbidden (403)

CSRF verification failed. Request aborted.

Upvotes: 1

Views: 9049

Answers (1)

Steve

Reputation: 20469

A browser will always make a GET request to a page (to show the form) before making the POST.

Consider the following response headers from a GET request made from Chrome:

HTTP/1.1 200 OK
Server: nginx
Date: Thu, 29 May 2014 11:57:01 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
Vary: Cookie
CACHE: True
Set-Cookie: csrftoken=5F3ttzJcnWdLkL7sPDekggxgjDJTKAmz; expires=Thu, 28-May-2015 11:57:01 GMT; Max-Age=31449600; Path=/
Set-Cookie: _auth=0; Domain=.markafoni.com; Path=/
Set-Cookie: ladsrv=; Domain=.markafoni.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; Path=/
X-BackendID: caramel
X-Forwarded-Proto: http
Content-Encoding: gzip
P3P: CP="CAO DSP COR LAW CURa ADMa DEVa PSAa PSDa OUR DELa BUS IND PHY ONL UNI PUR COM NAV INT STA",policyref="/w3c/p3p.xml"

Notice the cookies set, specifically this one: csrftoken=....

In order to make POST requests to this site, you will need to make a GET request first, save the cookies, then make the POST request with the same cookies.

Upvotes: 2
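
The GET-then-POST flow from the answer above, as an added example that is not part of the original question or answer. It assumes the site follows Django's defaults, where the `csrftoken` cookie value must also be sent as a `csrfmiddlewaretoken` form field with a same-origin Referer on HTTPS; `csrfPost()` and its parameters are hypothetical names.

```php
<?php
// Added example. Assumptions not taken from the page: the form field name
// 'csrfmiddlewaretoken' (Django's default) and the helper name csrfPost().
function csrfPost(string $formUrl, string $postUrl, array $fields, string $jar): string
{
    $ch = curl_init();
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_FOLLOWLOCATION => true,
        CURLOPT_SSL_VERIFYPEER => true,
        CURLOPT_SSL_VERIFYHOST => 2,
        CURLOPT_COOKIEJAR      => $jar,  // written when the handle is freed
        CURLOPT_COOKIEFILE     => $jar,  // turns on the handle's cookie engine
    ]);
    // Step 1: plain GET so the server can set the csrftoken cookie.
    curl_setopt($ch, CURLOPT_URL, $formUrl);
    curl_setopt($ch, CURLOPT_HTTPGET, true);
    if (curl_exec($ch) === false) {
        throw new RuntimeException('GET failed: ' . curl_error($ch));
    }
    // Step 2: read the token back out of the handle's cookie store.
    $token = null;
    foreach (curl_getinfo($ch, CURLINFO_COOKIELIST) as $line) {
        $col = explode("\t", $line);  // Netscape format: 7 tab-separated columns
        if (count($col) === 7 && $col[5] === 'csrftoken') {
            $token = $col[6];
        }
    }
    if ($token === null) {
        throw new RuntimeException('No csrftoken cookie was set by ' . $formUrl);
    }
    // Step 3: POST on the same handle, so the cookie is sent automatically,
    // with the token echoed in the body and a same-origin Referer.
    $fields['csrfmiddlewaretoken'] = $token;
    curl_setopt_array($ch, [
        CURLOPT_URL        => $postUrl,
        CURLOPT_REFERER    => $formUrl,
        CURLOPT_POST       => true,
        CURLOPT_POSTFIELDS => http_build_query($fields),
    ]);
    $body = curl_exec($ch);
    if ($body === false) {
        throw new RuntimeException('POST failed: ' . curl_error($ch));
    }
    return $body;
}
```

Reusing one handle is what keeps the cookie from the GET attached to the POST; a missing cookie, a missing body token, or a missing Referer each produce the same 403.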
