为什么这个HTTP帖子在网站上不起作用

本文关键字:网站 不起作用 HTTP 为什么 | 更新日期: 2023-09-27 18:32:33

我正在尝试在网站上发布,这会为日志添加一些内容。当我通过浏览器执行此操作时,一切正常,而当我通过程序执行此操作时,不会添加任何内容。

我在浏览器和程序中都收到"200"响应。

Fiddler 中的文本视图(在浏览器上(:

utf8=%E2%9C%93&authenticity_token=K32ch7TAQI9PIMInQAVeGFS2lEn5APs5WkKCb3Ep%2Bj8%3D&message%5Btext%5D=Hej&commit=Send

Fiddler中的文本视图(我的程序(:

utf8=%e2%9c%93&authenticity_token=K32ch7TAQI9PIMInQAVeGFS2lEn5APs5WkKCb3Ep%2bj8%3d&message%5btext%5d=Hej&commit=Send

RAW(我的浏览器(:

POST url HTTP/1.1
Host: www.website.com
Connection: keep-alive
Content-Length: 121
Accept: */*;q=0.5, text/javascript, application/javascript, application/ecmascript, application/x-ecmascript
Origin: http://www.website.com
X-CSRF-Token: K32ch7TAQI9PIMInQAVeGFS2lEn5APs5WkKCb3Ep+j8=
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.76 Safari/537.36
X-Requested-With: XMLHttpRequest
Content-Type: application/x-www-form-urlencoded
Referer: http://www.website.com
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8,da;q=0.6
Cookie: fbm_238256999842=base_domain=.domain.com; __lc.visitor_id.2885992=S1376210797.6c94fdbc2a; user_age=23; _single_session=BAh7CkkiD3Nlc3Npb25faWQGOgZFRkkiJWQ4YWFlOTg0MDNkZGYyYWQ1MTA1NzljZjEyZGRlY2UxBjsAVEkiFmluZGV4X3NwbGFzaF8yMDEzBjsARmkGSSIZd2FyZGVuLnVzZXIudXNlci5rZXkGOwBUWwhJIglVc2VyBjsARlsGaQPKwAxJIgxuZXRkYXRlBjsARkkiGm9ubGluZV9zdGF0dXNfdG91Y2hlZAY7AEZJdToJVGltZQ0QYxyAgaLOrQo6C0Bfem9uZUkiCUNFU1QGOwBUOg1uYW5vX251bWkC4AM6DW5hbm9fZGVuaQY6DXN1Ym1pY3JvIgeZIDoLb2Zmc2V0aQIgHEkiEF9jc3JmX3Rva2VuBjsARkkiMUszMmNoN1RBUUk5UElNSW5RQVZlR0ZTMmxFbjVBUHM1V2tLQ2IzRXArajg9BjsARg%3D%3D--676129dd5e8610525c75600989f7c563517938f2; __utma=165150141.1159381462.1376210785.1379964911.1380038586.30; __utmb=165150141.44.10.1380038586; __utmc=165150141; __utmz=165150141.1378658500.16.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=(not%20provided); _ga=GA1.2.1159381462.1376210785; __ar_v4=CJLW5TTORNEXTFNCM45SA7%3A20130911%3A117%7CO7VFZLVH2JECBJGXBDZU4E%3A20130911%3A117%7CY2N2UAMJNBCF7NZLP3EBM6%3A20130911%3A89%7CXMTUNIBTWVDONDLY4CFR77%3A20130911%3A27%7CXXYWGZWUVFE5LE42VCBQMT%3A20130924%3A1; fbsr_238256999842=dsfZCzzwfV5u33j_Fy7Gko7iSKPf3gNOozmQS07K3xE.eyJhbGdvcml0aG0iOiJITUFDLVNIQTI1NiIsImNvZGUiOiJBUUNHVmMxTnhYV0F0R05PSExxQlJtTjVVTXkyQ09DcmdpT0VJbXBzcTJ4aE1UeVk0Vnh1RlZZTXYwcUxPVVYwOG9nMzNZdVRuVGhNaElHMkRCTVltVnhidFFZc21hV3JpZGo1Rk45cmxROXRFWFdLZ0dHdFdvUmJyN19SMmVNd2l2Z29mT1o5YmlxVTVJVUctZVhiS1duTXlIaVNIa0hEaG5ib0dfMExNZjRhcWgzMHliV3pxeEw0Z1kyMUxsX2g2elZqT2xOdEdScTR3SUFEbWVBWW9LWWUwN0RWNUlhXzNOSlRKdW1fUGJmTnVQMzJWd2M0TV9sZ1U3bXk0ejl3aXhJZGthaDlNbjlkbE5iNW5zQ0NXbVFFb1I2c21QWG1FekZLdDlQQ1RNSGZVVFRGVVJ5RVpNd3piT0FZV0dIaEtCSSIsImlzc3VlZF9hdCI6MTM4MDA0MTA2NywidXNlcl9pZCI6IjU1NzQzMTg4NSJ9
utf8=%E2%9C%93&authenticity_token=K32ch7TAQI9PIMInQAVeGFS2lEn5APs5WkKCb3Ep%2Bj8%3D&message%5Btext%5D=Hej&commit=Send

原始(我的程序(:

POST url HTTP/1.1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.76 Safari/537.36
Accept: */*;q=0.5, text/javascript, application/javascript, application/ecmascript, application/x-ecmascript
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8,da;q=0.6
Origin: http://www.website.com
Referer: http://www.website.com
X-CSRF-Token: w2cOY0v1YW5/aB9Po/A8N8LD50p8J/Rxkx9NzMkEWBY=
X-Requested-With: XMLHttpRequest
Cache-Control: max-age=0
Host: www.website.com
Cookie: __lc.visitor_id.2885992=S1376210797.6c94fdbc2a; __ar_v4=CJLW5TTORNEXTFNCM45SA7%3A20130911%3A91%7CO7VFZLVH2JECBJGXBDZU4E%3A20130911%3A91%7CY2N2UAMJNBCF7NZLP3EBM6%3A20130911%3A72%7CXMTUNIBTWVDONDLY4CFR77%3A20130911%3A18%7CXXYWGZWUVFE5LE42VCBQMT%3A20130924%3A1; user_age=23; _ga==GA1.2.1159381462.1376210785; fbsr_238256999842=xA1ic3Y9Hr--2X7kOrvK_4PjFzSsDSSIGPsZMBBIY6Q.eyJhbGdvcml0aG0iOiJITUFDLVNIQTI1NiIsImNvZGUiOiJBUUJIQllHd0J3YWRBa0pzX0Vtd3d1LXc3LWM0MmxxM0RGbVRtOUg3cTZSdWNIcG1penc3dU0yVUZGWDR3UlpfTkdZX3BVXzRSN2lsUU5lVTRxNlltRUNISVdieFRxSmVOZUZkUFktSmIyZmR6ZVd1&; __utma=165150141.1159381462.1376210785.1379964911.1380038586.30&; __utmb=165150141.44.10.1380038586&; __utmc=165150141&; __utmz=165150141.1378658500.16.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=(not%20provided)&; _single_session=BAh7CkkiD3Nlc3Npb25faWQGOgZFRkkiJWQ4YWFlOTg0MDNkZGYyYWQ1MTA1NzljZjEyZGRlY2UxBjsAVEkiFmluZGV4X3NwbGFzaF8yMDEzBjsARmkGSSIZd2FyZGVuLnVzZXIudXNlci5rZXkGOwBUWwhJIglVc2VyBjsARlsGaQPKwAxJIgxuZXRkYXRlBjsARkkiGm9ubGluZV9zdGF0dXNfdG91Y2hlZAY7AEZJdToJVG&
Content-Length: 126

我想我的问题是:

当我将相同的数据发布到同一个 URL 时,什么会阻止它工作?我想这是我的一些标题,但我认为只要内容类型和其他一些重要的标题匹配,一切都很好。

我很确定authenticity_token总是相同的(当我使用网站时(,所以我认为这不是问题所在。

这里可能有什么问题?我应该非常担心哪些标题?饼干怎么样?

现在,我对所有

数据和令牌进行硬核处理,直到我让它工作为止。但是,我的 C# Web 请求在这里:

 private static HttpWebRequest GetHttpRequest(string url, CookieContainer container, bool post)
        {
            HttpWebRequest request = (HttpWebRequest)WebRequest.Create(url);
            request.Method = post ? "POST" : "GET";
            request.ContentType = "application/x-www-form-urlencoded";
            request.UserAgent =
                "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.76 Safari/537.36";
            request.Accept = "*/*;q=0.5, text/javascript, application/javascript, application/ecmascript, application/x-ecmascript";
            request.Headers.Add("Accept-Encoding","gzip,deflate,sdch");
            request.Headers.Add("Accept-Language", "en-US,en;q=0.8,da;q=0.6");
            //request.Headers.Add("Cache-Control", "max-age=0");
            request.CookieContainer = container;
            request.KeepAlive = true;
            request.Expect = "";
            request.Headers.Add("Origin", "http://www.domain.com");
            request.Referer = "http://www.domain.com";
            request.Headers.Add("X-CSRF-Token", "w2cOY0v1YW5/aB9Po/A8N8LD50p8J/Rxkx9NzMkEWBY=");
            request.Headers.Add("X-Requested-With", "XMLHttpRequest");
            return request;
        }

在 C# 中,我的 cookie 和数据:

  NameValueCollection col = new NameValueCollection();
        col.Add("utf8", "✓");
        col.Add("authenticity_token", "K32ch7TAQI9PIMInQAVeGFS2lEn5APs5WkKCb3Ep+j8=");
        col.Add("message[text]", messages.TextBody);
        col.Add("commit", "Send");

        container = new CookieContainer();
        container.Add(new Cookie("__lc.visitor_id.2885992", "S1376210797.6c94fdbc2a") { Domain = "domain.com", Expires = DateTime.Now.AddDays(1) });
        container.Add(new Cookie("__ar_v4", "CJLW5TTORNEXTFNCM45SA7%3A20130911%3A91%7CO7VFZLVH2JECBJGXBDZU4E%3A20130911%3A91%7CY2N2UAMJNBCF7NZLP3EBM6%3A20130911%3A72%7CXMTUNIBTWVDONDLY4CFR77%3A20130911%3A18%7CXXYWGZWUVFE5LE42VCBQMT%3A20130924%3A1") { Domain = "domain.com", Expires = DateTime.Now.AddDays(1) });
        container.Add(new Cookie("user_age", "23") { Domain = "domain.com", Expires = DateTime.Now.AddDays(1) });
        container.Add(new Cookie("_ga", "=GA1.2.1159381462.1376210785") { Domain = "domain.com", Expires = DateTime.Now.AddDays(1) });
        container.Add(new Cookie("fbsr_238256999842", "xA1ic3Y9Hr--2X7kOrvK_4PjFzSsDSSIGPsZMBBIY6Q.eyJhbGdvcml0aG0iOiJITUFDLVNIQTI1NiIsImNvZGUiOiJBUUJIQllHd0J3YWRBa0pzX0Vtd3d1LXc3LWM0MmxxM0RGbVRtOUg3cTZSdWNIcG1penc3dU0yVUZGWDR3UlpfTkdZX3BVXzRSN2lsUU5lVTRxNlltRUNISVdieFRxSmVOZUZkUFktSmIyZmR6ZVd1…") { Domain = "domain.com", Expires = DateTime.Now.AddDays(1) });
        container.Add(new Cookie("__utma", "165150141.1159381462.1376210785.1379964911.1380038586.30…") { Domain = "domain.com", Expires = DateTime.Now.AddDays(1) });
        container.Add(new Cookie("__utmb", "165150141.44.10.1380038586…") { Domain = "domain.com", Expires = DateTime.Now.AddDays(1) });
        container.Add(new Cookie("__utmc", "165150141…") { Domain = "domain.com", Expires = DateTime.Now.AddDays(1) });
        container.Add(new Cookie("__utmz", "165150141.1378658500.16.2.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=(not%20provided)…") { Domain = "domain.com", Expires = DateTime.Now.AddDays(1) });
        container.Add(new Cookie("_single_session", "BAh7CkkiD3Nlc3Npb25faWQGOgZFRkkiJWQ4YWFlOTg0MDNkZGYyYWQ1MTA1NzljZjEyZGRlY2UxBjsAVEkiFmluZGV4X3NwbGFzaF8yMDEzBjsARmkGSSIZd2FyZGVuLnVzZXIudXNlci5rZXkGOwBUWwhJIglVc2VyBjsARlsGaQPKwAxJIgxuZXRkYXRlBjsARkkiGm9ubGluZV9zdGF0dXNfdG91Y2hlZAY7AEZJdToJVG…") { Domain = "domain.com", Expires = DateTime.Now.AddDays(1) });

为什么这个HTTP帖子在网站上不起作用

要调试此问题,请在 Fiddler 中捕获工作和非工作请求。

选择两者并右键单击并选择"比较"。确定这两个请求的不同之处,然后更改代码以使其匹配。

authenticity_token可能是来自先前 HTML 文档响应中隐藏的 JavaScript 变量或表单字段的一次性令牌,重复使用令牌通常不起作用。

此外,您是否注意到 URL 中的authenticity_token与应用请求的X-CSRF-Token标头不匹配,但在工作请求中匹配?这可能是问题所在。