0

THIS REQUEST WORKS AND RETURNS {"projectId":"508980180","userFavorite":true,"statusChanged":true}:

curl 'https://api.scratch.mit.edu/proxy/projects/508980180/favorites/user/iIhp1O' \
  -X 'POST' \
  -H 'authority: api.scratch.mit.edu' \
  -H 'content-length: 0' \
  -H 'x-requested-with: XMLHttpRequest' \
  -H 'dnt: 1' \
  -H 'x-csrftoken: a' \
  -H 'x-token: ${token}' \
  -H 'accept-language: en, en;q=0.8' \
  -H 'user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4371.0 Safari/537.36' \
  -H 'accept: */*' \
  -H 'origin: https://scratch.mit.edu' \
  -H 'sec-fetch-site: same-site' \
  -H 'sec-fetch-mode: cors' \
  -H 'sec-fetch-dest: empty' \
  -H 'referer: https://scratch.mit.edu/' \
  -H 'cookie: scratchlanguage=en; scratchsessionsid="${sessionId}"; scratchcsrftoken=a' \
  --compressed

BUT THIS ONE FAILS WITH {"code":"Forbidden","message":""}

fetch(`https://api.scratch.mit.edu/proxy/projects/${projectId}/favorites/user/${user.username}`, {
"headers": {
  "accept": "*/*",
  "content-type":"*/*",
  "accept-language": "en, en;q=0.8",
  "sec-fetch-dest": "empty",
  "sec-fetch-mode": "cors",
  "sec-fetch-site": "same-site",
  "x-csrftoken": 'a',
  "x-requested-with": "XMLHttpRequest",
  "x-token": token,
  "cookie": `scratchlanguage=en; scratchsessionsid=\"${user.sessionId}\"; scratchcsrftoken=\"a\"`
},
"referrer": "https://scratch.mit.edu/",
"referrerPolicy": "strict-origin-when-cross-origin",
"body": null,
"method": "POST",
"mode": "cors"

});

THIS IS SO ANNOYING OMG, I COPIED BOTH OF THEM FROM GOOGLE SOURCES, BUT ONE WORKS AND THE OTHER DOESNT WHYY!!?!?!?!?!?!?

Also, the linux bash fetch works, but not the cmd one.

sideshowbarker
  • 81,827
  • 26
  • 193
  • 197
Micah Powch
  • 1

0 Answers0