heroku csrf parse-cloud-code django-csrf

Heroku CSRF and POST httpRequest

I have a web crawler on Heroku and I'm trying to call the script from a POST request on Parse Cloud Code httpRequest but I receive a 403 forbidden response basically telling me the Referer Header didn't pass. How can I get past this?

Solution

Django's CSRF protection tests the Referer header: see https://docs.djangoproject.com/es/1.9/ref/csrf/#how-it-works. Browsers typically send that header to indicate the page that originated a request, but programmatic user agents don't (cURL, Python requests, and presumably Parse.Cloud.httpRequest) without being told to do so.

To add custom headers to a Parse request, see: Parse.Cloud.httpRequest call with HTTP request header (note the headers object).

That said, you also need to make sure you have a way to get the CSRF token to begin with, and include it either in a XCSRF-Token header or a form field (unclear from your question whether you are doing that).

How to enable TLS for Redis 6 on Sidekiq?
What should be the redirect URL for an API request?
Django: Not Found static/admin/css
I'm trying to connect with my Heroku app and when I enter my email and password, it's asking me "Enter the code generated by your authenticator app."
How do I stop Routing Errors errors from causing all sorts of warning?
Node.js, PostgreSQL error: no pg_hba.conf entry for host
Discord js role.members not return all members
Where do I get a CPU-only version of PyTorch?
Google OAuth 2 Error 400: redirect_uri_mismatch but redirect uri is compliant and already registered in Google Cloud Console
Heroku/Git: protocol error: bad line length character: erro
Rails.application.credentials.dig(:secret_key_base) returning nil in Heroku production
The requested file (go1.13.7.linux-amd64.tar.gz) is unknown to the buildpack when pushing golang web app to heroku?
How to install Git on Heroku?
How to have Rails migrations run automatically on Heroku
Running tests against existing database using pytest-django
tsc: not found error in heroku despite trying everything
Heroku postgresql queries not working on Heroku, but work locally
Heroku Django performance issues - Request Queuing
Heroku Error code=H27 desc="Client Request Interrupted" method=POST USING RAILS Server-side,Vue front-end
How to remove a Github Environment
How to fix "Error: The server does not support SSL connections" when trying to access database in localhost?
Telegram bot python error in webhooks heroku
"Multi buildpack" app not detecting multiple technologies
How restore a Heroku PG database on a MAC
The argument 'path' must be a string, Uint8Array, or URL without null bytes. Received '\x00@astro-page:astro/assets/endpoint/node' on Heroku deploy
Error trying to install Postgres for python (psycopg2)
socket.io-client-cpp does not connect to node app on Heroku via https
Dependency problem using multer and multer-gridfs-storage
Session not persisting after redirect during Google OAuth 2.0 flow
IP Address Mismatch on signing into Heroku CLI