Python requests returns 403

Question

So, I have been developing a small flask app. I have been able to call the activate method from a web form, but i'm trying to post to it using the python requests library and keep getting 403 (there is no authentication being used).

But when I post to it using httplib2, all of a sudden it works. Is there something I'm missing here?

import httplib2 
import requests

http = httplib2.Http()
content = http.request('http://127.0.0.1:5000/services/activate', method="POST")

print content

res = requests.post('http://127.0.0.1:5000/services/activate')

print res

Gives me the output:

({'status': '200', 'content-length': '20', 'server': 'Werkzeug/0.12.2 Python/2.7.12', 'date': 'Thu, 21 Dec 2017 05:55:20 GMT', 'access-control-allow-origin': '*', 'content-type': 'application/json'}, '{\n  "status": "ok"\n}')
<Response [403]>

It could be because your flask app requires the `csrf_token` to be passed — 0xtvarun, Dec 21 '17 at 06:11
flask uses hidden field(s) in form and you have to send this field in post too - but `requests` doesn't do it automatically and you have to do it manually. — furas, Dec 21 '17 at 07:42

score 0 · Answer 1 · answered Dec 21 '17 at 09:23

if you could post all your relevant code, that would be great. But in general -

if using FlaskForm your HTML should look like:

<form action="{{url_for('activate') }}" method = "post">
    {{ form.csrf_token }}
    <!-- other form stuff -->
</form>

Else,

 <input type="hidden" name="csrf_token" value="{{ csrf_token() }}"/>

from: http://flask-wtf.readthedocs.io/en/stable/csrf.html

Python requests returns 403

1 Answers1