Python 带有标题和数据的POST请求将导致200个ok响应，但未添加用户_Python_Post_Python Requests_Postman

Python 带有标题和数据的POST请求将导致200个ok响应，但未添加用户

python post postman

Python 带有标题和数据的POST请求将导致200个ok响应，但未添加用户,python,post,python-requests,postman,Python,Post,Python Requests,Postman,在创建此查询之前，检查了本主题中的一些内容并遵循了其中的步骤，但仍然无法完成，因此再次在此处提出此问题以寻求解决方案以下是可以从chrome中的inspect element网络活动中获得的握手代码 Request URL: https://example.com/ne_rm/add/ Request Method: POST Status Code: 200 Remote Address: 11.130.11.19:413 Referrer Policy: no-referrer-wh

在创建此查询之前，检查了本主题中的一些内容并遵循了其中的步骤，但仍然无法完成，因此再次在此处提出此问题以寻求解决方案

以下是可以从chrome中的inspect element网络活动中获得的握手代码

Request URL: https://example.com/ne_rm/add/  
Request Method: POST
Status Code: 200 
Remote Address: 11.130.11.19:413
Referrer Policy: no-referrer-when-downgrade

accept-ranges: bytes
age: 0
cache-control: max-age=0
content-encoding: gzip
content-length: 22
content-type: text/html; charset=utf-8
date: Wed, 05 Dec 2018 09:27:21 GMT
expires: Wed, 05 Dec 2018 09:27:21 GMT
last-modified: Wed, 05 Dec 2018 09:27:21 GMT
server: tv
status: 200
vary: Accept-Encoding, Cookie
via: 1.1 varnish, 1.1 c34ac5faa133414ef7dde72a4f32c43d.cloudfront.net (CloudFront)
x-amz-cf-id: K3-mr0hE2iObHSoWssicdKTZzCGsWEUnSUSws1v-fln9jP1gT668sQ==
x-cache: Miss from cloudfront
x-frame-options: SAMEORIGIN
x-varnish: 3925923656

:authority: example.com
:method: POST
:path: /ne_rm/add/
:scheme: https
accept: application/json, text/javascript, */*; q=0.01
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
content-length: 72
content-type: application/x-www-form-urlencoded; charset=UTF-8
cookie: km_lv=x; _ga=GA1.2.927532329.1495375443; km_ai=xxx@mail.com;  km_ni=xx@gmail.com; sessionid=0j95mvy7sssxss41i6woawmj3nyqw11a; csrftoken=SDmN222meuuKexz3333nPXue2yw22TGV7dfff; _sp_id.df1c=15d71e85-964f-42ee-965a->4a9d8c0902ec.1538974408.1.1538974410.1538974408.37c368eb-6de7-4716-8e84->06b17f6e6914; __utmz=226258911.1539246301.382.19.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=(not%20provided); tv_ecuid=189b7a17-8451-4ae3-9443-3cec2dda407d; __utmc=226258911; _sp_ses.cf1a=*; __utma=226258911.927532329.1495375443.1543915752.1544001282.532; km_vs=1; _sp_id.cf1a=f53754cc-c8ba-42e2-a310-08566d71540d.1539169168.144.1544001661.1543915787.f1ddde18-9adf-4e88-a852-1485403f2587; kvcd=1544001661767; __utmb=226258911.10.9.1544001932454
origin: https://example.com
referer: https://example.com/script/Zo-Tester/
user-agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36
x-csrftoken: SDmN222meuuKexz3333nPXue2yw22TGV7dfff
x-language: in
x-requested-with: XMLHttpRequest

id: PUB;FMx5WvjpGrmETV username_recip: xxxxyyzzz

这里使用id和用户名作为我想调用的数据

https://example.com/ne_rm/add/

并将此用户名添加到列表中。在使用POST Chrome extension进行此操作时，我得到了200 Ok作为响应，并且名称被添加到列表中。同时，在使用python代码执行此操作时，我得到了200 Ok作为响应代码，但操作没有成功

请注意，在python中单独使用的是什么，但它失败了

你能帮我做这件事吗

这是密码

import requests
import json

# *optional*, the site may not care about these. If they *do* care, then
# they care about keeping out automated scripts and could in future 
# raise the stakes and require more 'browser-like' markers. Ask yourself
# if you want to anger the site owners and get into an arms race.
headers = {
    'user-agent': 'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36',
    'origin':'https://www.example.com',
    'referer':'https://example.com/script/Zo-Tester/',
    'x-csrftoken': 'SDmN222meuuKexz333nPXue2yw22TGV7dfff',
}

payload = {
    'x-csrftoken': 'SDmN222meuuKexz333nPXue2yw22TGV7dfff',
    'username_recip':'xxxxyyzzz',
    'pine_id':'PUB;FMx5WvjpGrmETV',
}

url = 'https://www.example.com/ne_rm/add/'
# the URL from the Referer header, but others at the site would probably
# also work
#Referrer URL
initial_url = 'https://example.com/script/Zo-Tester/'

with requests.Session() as session:
    # obtain CSRF cookie
    #initial_response  = session.get(initial_url)
    #payload['csrf_test_name'] = session.cookies['csrf_cookie_name']

    # Now actually post with the correct CSRF cookie
    response = session.post(url, headers=headers, data=payload)
    print(response)
    input("wait")

您需要取消注释

#获取CSRF cookie

的一部分以获取新的

x-csrftoken

，如果我在您的Chrome标题中看到，它的

id

不是

pine\u id

import requests
import json


headers = {
    'user-agent': 'Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36',
    'origin':'https://www.example.com',
    'referer':'https://example.com/script/Zo-Tester/',
}

payload = {
    'username_recip':'xxxxyyzzz',
    'pine_id':'PUB;FMx5WvjpGrmETV' # it should be 'id' ?
}

url = 'https://www.example.com/ne_rm/add/'
initial_url = 'https://example.com/script/Zo-Tester/'

with requests.Session() as session:
    # obtain CSRF cookie
    initial_response  = session.get(initial_url)
    headers['x-csrftoken'] = session.cookies['csrftoken']

    # Now actually post with the correct CSRF cookie
    response = session.post(url, headers=headers, data=payload)
    print(response)
    input("wait")

这是pine_id而不是标题id。这是正确的。我更改了取消注释部分的代码，这是错误。无效负载['x-csrftoken']=session.cookies['x-csrftoken']返回self.\u find\u no\u duplicates（name）\u find\u no\u duplicates引发KeyError（'name=%r，domain=%r，path=%r'（name，domain，path））KeyError:'name='x-csrftoken'，domain=None，path=None'代码中是否有比我的问题报告代码更大的更改。已传达对此行的注释无效。是否删除标题和负载中的

x-csrftoken

？你的代码似乎是对的。如果您不介意在postman查询中发布URL.in x-csrftoken，则必须包含该URL.in x-csrftoken，否则它在chrom postman模拟中不起作用，现在尝试删除并测试该URL.in，但仍然失败。不幸的是，不允许共享url。我刚刚发现，

x-csrftoken

作为

csrftoken

存储在Cookie中，需要将其作为标题发送，请参阅编辑的答案。您不能只重用CSRF令牌。您必须首先整理好令牌。您发布的请求/响应对可以看到CSRF令牌存储在cookie中（浏览器发送的

Cookie

头具有

csrftoken=SDmN222meuuKexz3333nPXue2yw22TGV7dfff；

，该Cookie在早期请求中首先提供给浏览器。您注释掉的我的答案中的代码从初始请求中获取该令牌，通过禁用它，您可以确保服务器不会信任您的请求。）EST现在，因为它将不包含有效的CSRF令牌。如何实现这一点，请参考任何代码示例。我对python和这种头处理是新手。