
Login with post request and xsrf token but getting a 419


I am trying to log in to slicethepie.com using Python's requests library.

From my understanding, I am getting a 419 because I am not passing a CSRF token. The only similar token I see in Chrome's network tab is an XSRF-TOKEN. Do I need to pass that instead? Why is my code returning a 419?

You can currently see I am passing the XSRF token in the cookie but no luck.

import requests

link = "https://www.slicethepie.com/login"
response = requests.get(link)  # no XSRF token in here

payload = { "email": "[email protected]", "password": "password", "_token": "w4uj7bk4KRjheHk05MajnrWfHyS9PmN7mmMgUpx5", "validation": "token", "location[latitude]": None, "location[longitude]": None}

headers = {
    "Cookie": "XSRF-TOKEN=...tokenInImage...slicethepie_session=...tokenInImage...",
    "Accept": "*/*",
    "Accept-Encoding": "gzip, deflate, br",
    "Connection": "keep-alive",
    "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36",
    "Referer": "https://www.slicethepie.com/login",
    "Origin": "https://www.slicethepie.com",
}

with requests.Session() as s:
    p = s.post(
        "https://www.slicethepie.com/login",
        headers=headers,
        json=payload,
    )
    print(p) # returns 419. Page Expired


Form Data in Payload

_token: w4uj7bk4KRjheHk05MajnrWfHyS9PmN7mmMgUpx5
_token: w4uj7bk4KRjheHk05MajnrWfHyS9PmN7mmMgUpx5
validation: token
location[latitude]: None
location[longitude]: None
email: [email protected]
password: password

Solution

  • The following code is tested and works fine:

    import requests
    from bs4 import BeautifulSoup as bs
    import re
    
    link = "https://www.slicethepie.com/login"
    
    s = requests.Session()
    r = s.get(link)  # no XSRF token in here
    
    token_value = bs(r.text, 'html.parser').select_one('form input[name="_token"]').get('value')
    payload = { "email": "[email protected]", "password": "password", "_token": token_value, 'location[latitude]': None, 'location[longitude]': None}
    
    headers = {
        "Accept-Encoding": "gzip, deflate, br",
        "Connection": "keep-alive",
        "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36",
        "Referer": "https://www.slicethepie.com/login",
        "Origin": "https://www.slicethepie.com"
    }
    s.headers.update(headers)
    p = s.post("https://www.slicethepie.com/login",data=payload)
    print(p)
    print('_________________________________________')
    print(bs(p.text, 'html.parser').text)
    

    Result in terminal:

    <Response [200]>
    _________________________________________
    What would you like to review? on local
     - Slice the pie
    My account
    Profile
    Balance
    Reviews
    Email preferences
    Change password
    Close account
    Notifications
    View older
    Your balance is $0.00
    Lifetime totals
    0
    reviews
    0
    friends
    totals
    Make a withdrawal
    View transaction history
    Star rating
    This is a measure of the quality of your reviews, the more Stars you have the more you'll earn!
    Review
    Refer a friend
    $0.00
    Privacy policy
    FAQ
    Terms and conditions
    Contact us
    About us
    Log out
    What would you like to review?
    Select a category
    Unfortunately we are unable to accept reviews from your location at this time. We will email you when the site becomes available to you.
    FAQ
    Privacy policy
    Terms and conditions
    About us
    © Shisho Data ltd 2023

    Requests documentation can be found here, and for BeautifulSoup documentation, go here.
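The working answer relies on the hidden `_token` field being accepted only alongside the session cookie it was issued with. The added example below (not part of the original question or answer) reproduces that behaviour against a constructed local mock server; `MockLogin`, `demo_session`, `post_login` and the token check are assumptions standing in for the real site, whose server code is not shown on this page.

```python
import re, secrets, threading, urllib.error, urllib.parse, urllib.request
from http.cookies import SimpleCookie
from http.server import BaseHTTPRequestHandler, HTTPServer

SESSIONS = {}  # session id -> CSRF token issued together with that session
NO_PROXY = urllib.request.ProxyHandler({})  # keep loopback traffic off any proxy

class MockLogin(BaseHTTPRequestHandler):  # constructed stand-in, not the real site
    def log_message(self, *args): pass  # silence per-request logging

    def reply(self, status, body=b"", headers=()):
        self.send_response(status)
        for name, value in (("Content-Length", str(len(body))), *headers):
            self.send_header(name, value)
        self.end_headers()
        self.wfile.write(body)

    def do_GET(self):  # start a session and embed its token in the login form
        sid, token = secrets.token_hex(8), secrets.token_hex(20)
        SESSIONS[sid] = token
        form = f'<form method="post"><input type="hidden" name="_token" value="{token}"></form>'
        self.reply(200, form.encode(), [("Set-Cookie", f"demo_session={sid}; Path=/")])

    def do_POST(self):  # accept only the token issued to the session named in the cookie
        body = self.rfile.read(int(self.headers.get("Content-Length", 0))).decode()
        sent = urllib.parse.parse_qs(body).get("_token", [""])[0]
        sid = SimpleCookie(self.headers.get("Cookie", "")).get("demo_session")
        expected = SESSIONS.get(sid.value) if sid else None
        self.reply(200 if expected and secrets.compare_digest(sent, expected) else 419)

def post_login(client, url, token):
    data = urllib.parse.urlencode({"email": "user@example.test", "_token": token}).encode()
    try:
        return client.open(url, data).status
    except urllib.error.HTTPError as err:
        return err.code

def demo():
    with HTTPServer(("127.0.0.1", 0), MockLogin) as httpd:
        threading.Thread(target=httpd.serve_forever, daemon=True).start()
        url = f"http://127.0.0.1:{httpd.server_port}/login"
        stale = post_login(urllib.request.build_opener(NO_PROXY), url, "copied-from-browser")
        client = urllib.request.build_opener(NO_PROXY, urllib.request.HTTPCookieProcessor())
        html = client.open(url).read().decode()
        fresh = post_login(client, url, re.search(r'name="_token" value="([^"]+)"', html).group(1))
        httpd.shutdown()
    return stale, fresh  # (copied token without its session, the session's own token)

if __name__ == "__main__":
    print(demo())
```

The first status corresponds to the question's approach (a token pasted from the browser, sent without the matching session), the second to the answer's approach (one cookie-keeping client fetches the form and posts the token it received).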