我对网络爬行和 HTML 内容很陌生。我正在尝试获取该网站的内容: https://services.ecourts.gov.in/ecourtindiaHC/cases/s_orderdate.php?state_cd=24&dist_cd=1&court_code=1&stateNm=Sikkim 但出现一些错误。
session = requests.Session()
path =
'https://services.ecourts.gov.in/ecourtindiaHC/cases/s_orderdate.php?
state_cd=24&dist_cd=1&court_code=1&stateNm=Sikkim'
r2n = session.post(path)
r2n.content
错误:
<html>
<head>
<title>CSRF check failed</title>
<script type="text/javascript">var csrfMagicToken = "sid:c5118ae8a9e61592d303891cc2cd269c204972a8,1563237610";var csrfMagicName = "__csrf_magic";</script><script src="csrf-magic.js" type="text/javascript"></script>
</head>
<body>
CSRF check failed. Please enable cookies.<br />Debug: <script type="text/javascript">CsrfMagic.end();</script>
</body>
</html>
最佳答案
CSRF 阻止用户使用相同的 token 从网站上自己的 session 之外发出请求。您可能正在提交在浏览器 session 中生成的某种形式的 token ,然后从另一台设备发出请求。更多关于 CSRF here .
CSRF is an attack that tricks the victim into submitting a malicious request. It inherits the identity and privileges of the victim to perform an undesired function on the victim's behalf. For most sites, browser requests automatically include any credentials associated with the site, such as the user's session cookie, IP address, Windows domain credentials, and so forth. Therefore, if the user is currently authenticated to the site, the site will have no way to distinguish between the forged request sent by the victim and a legitimate request sent by the victim.
本质上,它认为您的请求是恶意的人,让您从他们的计算机上调用电话。
给出错误消息:CSRF 检查失败。请启用cookie。,我感觉这个token是存储在cookie中的。以下是我将如何解决这个问题:
- 打开 Chrome 开发者控制台
- 打开网络选项卡
- 重新加载页面
- 右键单击主页的请求
- 鼠标点击“复制”,然后在旁边的下拉框中选择“复制为 cURL”
- 转到https://curl.trillworks.com并输入 cURL 命令以获取将发出相同请求的 python requests 程序。
关于javascript - 访问不需要登录的网站时CSRF检查失败是什么意思?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/57048799/