dropWizard

Reputation: 3538

Passing CSRF token

This doesn't get past the login screen. I don't think I am passing in the CSRF token correctly. How should I do it?

from bs4 import BeautifulSoup
import requests

url = 'https://app.greenhouse.io/people/new?hiring_plan_id=24047'
cookies = {'_session_id':'my_session_id'}
client = requests.session()

soup = BeautifulSoup(client.get(url, cookies=cookies).content, 'html.parser')
csrf_metatags = soup.find_all('meta',attrs={'name':'csrf-token'})[0].get('content')
posting_data = dict(person_first_name='Morgan') ## this is what I want to post to the form
headers = dict(Referer=url, csrf_token=csrf_metatags)
r = client.post(url, data=posting_data, headers=headers)

Thanks!

Upvotes: 1

Views: 994

Answers (1)

xbello

Reputation: 7443

If you inspect the code, you'll find that the form has a hidden attached value like this:

<input name="authenticity_token" type="hidden"
value="2auOlN425EcdnmmoXmd5HFCt4PkEOhq0gpjOCzxNKns=" />

You can catch this value with:

csrf_data = soup.find("input", {"name": "authenticity_token"}).get("value")

Now re-attach the value to the posting data, as you did with person_first_name:

posting_data = dict(person_first_name='Morgan',
                    authenticity_token=csrf_data)

Upvotes: 2
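
The answer's approach in a more general form, as an added example that is not part of the original answer: it copies every hidden input the server rendered (the `authenticity_token` included) into the POST fields, and refuses to build the request when the fetched page lacks the fields being posted, which is what happens when a login form comes back instead. It uses the standard library's `html.parser` rather than BeautifulSoup so it runs offline; the function names, the sample pages and the `utf8` field are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlencode


class FormFieldParser(HTMLParser):
    """Record every form control name and the value of each hidden input."""
    def __init__(self):
        super().__init__()
        self.names, self.hidden = set(), {}

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        name = a.get("name")
        if tag not in ("input", "select", "textarea") or not name:
            return
        self.names.add(name)
        if tag == "input" and (a.get("type") or "").lower() == "hidden":
            self.hidden[name] = a.get("value") or ""


def build_form_fields(html, user_fields, token_field="authenticity_token"):
    """Return the POST fields: hidden inputs, user fields, CSRF token."""
    p = FormFieldParser()
    p.feed(html)
    token = p.hidden.get(token_field)
    if not token:
        raise ValueError(f"page has no hidden input named {token_field!r}")
    missing = sorted(set(user_fields) - p.names)
    if missing:
        # A different page came back (for example a login form).
        raise ValueError(f"page has no form fields named {missing}")
    # The token goes in last so a user-supplied key cannot overwrite it.
    return {**p.hidden, **user_fields, token_field: token}


# Constructed sample pages, not captured from any real site.
FORM_PAGE = """
<form action="/people" method="post">
  <input name="utf8" type="hidden" value="ok" />
  <input name="authenticity_token" type="hidden" value="abc+123/xyz=" />
  <input name="person_first_name" type="text" />
</form>"""
LOGIN_PAGE = """
<form action="/login" method="post">
  <input name="authenticity_token" type="hidden" value="login+token=" />
  <input name="email" type="text" /><input name="password" type="password" />
</form>"""

if __name__ == "__main__":
    print(urlencode(build_form_fields(FORM_PAGE, {"person_first_name": "Morgan"})))
```

The returned dict can be passed as `data=` to `client.post`, using the same session that fetched the page, so the token and the session cookie match.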
