2

I'm trying to run a search on a website for the word 'Adrian'. I already understand that first I have to send a request to the website, in the response I will have an XSRF-token that I need to use for the second request. As I understand, if I'm using session.get(), it keeps the cookies automatically for the second request, too.

I run the first request, get a 200 OK response, I print out the cookies, the token is there. I run the second request, I get back a 400 error but if I print out the header of the second request, the token is there. I don't know where it is going wrong.

Why do I get 400 for the second one?

import requests  
session = requests.Session()

response = session.get('https://www.racebets.com/en/horse-racing/formguide') 
print(response)  
cookies = session.cookies.get_dict()  
print(cookies) 
XSRFtoken = cookies['XSRF-TOKEN']  
print(XSRFtoken)

response = session.get('https://www.racebets.com/ajax/formguide/search?s=Adrian') 
print(response)  
print(response.request.headers)

I also tried to skip session and use requests.get() in the second request and add the token to the header by myself but the result is the same:

import requests 
session = requests.Session()
 
response = session.get('https://www.racebets.com/en/horse-racing/formguide')
print(response) 
cookies = session.cookies.get_dict() 
print(cookies)
XSRFtoken = cookies['XSRF-TOKEN'] 
print(XSRFtoken)
 
headers = {'XSRF-TOKEN': XSRFtoken} 
response = session.get('https://www.racebets.com/ajax/formguide/search?s=Adrian', headers=headers)
print(response) 
print(response.request.headers)
serv-inc
  • 35,772
  • 9
  • 166
  • 188
Katalin Szeghalmi
  • 63
  • 8
  • Most probably it's not the XSRF that's at fault, it's another header. – thethiny Mar 03 '21 at 22:07
  • 1
    The API you're trying to make an HTTP GET request to cares about two request headers: `cookie` and `x-xsrf-token`. Log your browser's network traffic to see what they're composed of. – Paul M. Mar 03 '21 at 22:25

1 Answers1

0

As Paul said:

The API you're trying to make an HTTP GET request to cares about two request headers: cookie and x-xsrf-token. Log your browser's network traffic to see what they're composed of.

The header needs to be named x-xsrf-token. Try this:

token = session.cookies.get('XSRF-TOKEN')
headers = {'X-XSRF-TOKEN': token} 
response = session.get('https://www.racebets.com/ajax/formguide/search?s=Adrian', headers=headers)
serv-inc
  • 35,772
  • 9
  • 166
  • 188