Skip to Content
Dec 26, 2013 at 06:58 PM

Integrating Python and River - CSRF problems



So I'm trying to integrate Python into River to do some testing. The only thing that makes it a bit tricky is that we have to handle XSRF/CSRF within Python and so I use the requests framework to make this easier for me.

I successfully get the X-CSRF-TOKEN and save it into local variable token. The guide then says that you pass it back in the headers. I tried it as a parameter too, and either mechanism works using Postman in Chrome.

Request execution failed due to missing or invalid XSRF token

Presumably I'm doing something wrong!


#! /usr/bin/python

import requests

import json

# First, get the X-CSRF-TOKEN


params= { 'X-CSRF-TOKEN': 'Fetch' }

auth= 'User','Password'

headers = {'Connection': 'keep-alive'}

r=requests.get(csrfurl,params=params, auth=auth, headers=headers)

params = { 'X-CSRF-TOKEN': r.headers['x-csrf-token'] }

token = r.headers['x-csrf-token']

print token


payload='{"customerId": 1, "firstName": "John", "lastName": "Appleby"}'

headers= {'Content-type': 'application/json;charset=utf-8', 'X-CSRF-TOKEN': token, 'Referer': csrfurl, 'Connection': 'keep-alive'}, data=json.dumps(payload), headers=headers, auth=auth, params=params)

print headers

print r.url

print r.headers

print r.text