Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

requests.exceptions.HTTPError: 403 Client Error #104

Closed
deadpixel134 opened this issue Jan 26, 2023 · 7 comments
Closed

requests.exceptions.HTTPError: 403 Client Error #104

deadpixel134 opened this issue Jan 26, 2023 · 7 comments
Labels
bug Something isn't working

Comments

@deadpixel134
Copy link

Today I got this message.

E:\fantiadl-master>fantiadl.py https://fantia.jp/posts/1731261
Fantia session cookie (_session_id or cookies.txt path): E:\fantiadl-master\cookies.txt
Downloading post 1731261...
Traceback (most recent call last):
  File "E:\fantiadl-master\fantiadl.py", line 111, in <module>
    downloader.download_post(url_groups[1])
  File "E:\fantiadl-master\models.py", line 415, in download_post
    response.raise_for_status()
  File "C:\Python310\lib\site-packages\requests\models.py", line 960, in raise_for_status
    raise HTTPError(http_error_msg, response=self)
requests.exceptions.HTTPError: 403 Client Error: Forbidden for url: https://fantia.jp/api/v1/posts/1731261

Checked my cookies.txt, updated to latest one but no luck.
@Zellos234
Copy link

it looks like the API now need an additional "X-CSRF-Token" header or it will response 403.
this token seems to change everytime, some workaround is needed.

@zyzmrx
Copy link

zyzmrx commented Jan 26, 2023

Agree. Same issue is received with multiple session IDs/cookies/posts.

@ytoaa
Copy link

ytoaa commented Jan 26, 2023

Is there a way to solve this?

@bitbybyte
Copy link
Owner

bitbybyte commented Jan 26, 2023
edited
Loading

From what I can tell this is only required on API calls to the /posts endpoint currently. A new CSRF token will be generated on each page load, as seen in the post page source:

<meta name="csrf-token" content="GUvDwTBBc1Q4luaNH4ukLbbSzAoZwm1-Sc07qU8dYGtsvB80QKGf9mgNWCJQW8tbfodX2-WmOBPJchDhxKTLEw" /

This token is present on every page but I don't see any other places it's actively being used. We will probably want to eventually implement this for every API request by first hitting the actual page everywhere, but I believe what needs to happen for now is:

  1. Request the post page, parse HTML for token
  2. Add as a X-CSRF-Token header to /api/v1/posts/{} requests
  3. Perform this same step for every post

@bitbybyte bitbybyte added the bug Something isn't working label Jan 26, 2023
@bitbybyte bitbybyte mentioned this issue Jan 26, 2023
Closed
@jerryfangr jerryfangr mentioned this issue Jan 27, 2023
Closed
bitbybyte added a commit that referenced this issue Jan 27, 2023
@bitbybyte
Use CSRF token on requests to /posts endpoint
e8b4c59 
Potential closure to #104 pending full checks
@bitbybyte
Copy link
Owner

The referenced commit should fix this. Would appreciate tests to see if there are any other requests that seem to return 403.

@deadpixel134
Copy link
Author

It's seems to be working to me.
I think we can close this issue but maybe need more people confirm that it's working.

@bitbybyte
Copy link
Owner

Got enough reports this is working so closing out, new release soon.

This was referenced Jan 29, 2023
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@bitbybyte @ytoaa @deadpixel134 @Zellos234 @zyzmrx