I am trying to make code which communicates with an API. It updates a user's Roblox group rank. First, I wrote the code in Python. It had no problem. But then I tried to "translate" it to PHP, and for some reason it doesn't return the same headers as in Python.

I want to make a group ranking system. For authorisation purposes, I have to set the `.ROBLOSECURITY` cookie. But even after that I have to send one authorisation request to `auth.roblox.com`. After sending a request to that endpoint with the `.ROBLOSECURITY` cookie set, it will return with the header `X-CSRF-TOKEN`. Both of these values have to be set for valid authorisation.
```python
import requests

cookie = "_|WARNING:-DO-NOT-SHARE-THIS.--Sharing-this-will-allow-someone-to-log-in-as-you-and-to-steal-your-ROBUX-and-items.|..."

session = requests.Session()
session.cookies[".ROBLOSECURITY"] = cookie

# POST to the auth endpoint with the cookie set
req = session.post(
    url="https://auth.roblox.com/"
)

# Reuse the returned token on later requests made through this session
if "X-CSRF-Token" in req.headers:
    session.headers["X-CSRF-Token"] = req.headers["X-CSRF-Token"]
```
This Python code does that and it works.

These are the headers returned when adding `print(req.headers)`:
```
{'content-type': 'application/json; charset=utf-8', 'date': 'Tue, 12 Dec 2023 16:03:33 GMT', 'server': 'Kestrel', 'access-control-expose-headers': 'X-CSRF-TOKEN', 'cache-control': 'no-cache', 'transfer-encoding': 'chunked', 'x-csrf-token': 'the value', 'strict-transport-security': 'max-age=3600', 'x-frame-options': 'SAMEORIGIN', 'roblox-machine-id': '2444778a591b', 'x-roblox-region': 'us-central', 'x-roblox-edge': 'fra4', 'report-to': '{"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://ncs.roblox.com/upload"}]}', 'nel': '{"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1}'}
```
When I have a similar PHP script:
```php
$curl = curl_init();
$authapi = "https://auth.roblox.com/";
$authcookie = "_|WARNING:-DO-NOT-SHARE-THIS.--Sharing-this-will-allow-someone-to-log-in-as-you-and-to-steal-your-ROBUX-and-items.|...";

curl_setopt($curl, CURLOPT_URL, $authapi);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_HEADER, true);

$cookie = ".ROBLOSECURITY=$authcookie";
curl_setopt($curl, CURLOPT_HTTPHEADER, array(
    "Content-Type: application/json", 'Cookie: ' . $cookie
));
curl_setopt($curl, CURLOPT_NOBODY, 0);

$response = curl_exec($curl);
$header_size = curl_getinfo($curl, CURLINFO_HEADER_SIZE);
$headers = substr($response, 0, $header_size);
$body = substr($response, $header_size);

echo $response;
```
The echo returns this.
```
HTTP/1.1 200 OK
content-length: 16
content-type: application/json; charset=utf-8
date: Tue, 12 Dec 2023 16:13:33 GMT
server: Kestrel
cache-control: no-cache
strict-transport-security: max-age=3600
x-frame-options: SAMEORIGIN
roblox-machine-id: 83cc37212edc
x-roblox-region: us-central
x-roblox-edge: fra4
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://ncs.roblox.com/upload"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1}
{"message":"OK"}
```
There is no `X-CSRF-TOKEN` header in there. What can be the problem? Thank you.
2 Answers
I simplified your code a little, and tried this:
It returned an x-csrf-token in the response.
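
One visible difference between the two scripts in the question is the request method: the Python version calls `session.post()`, while the PHP version never sets `CURLOPT_POST`, so cURL sends a GET. The following is an added example, not the asker's or the answerer's code, that mirrors the Python request in PHP and reads the token with a case-insensitive header lookup. The function names `parse_headers` and `fetch_csrf_token`, the environment variable name `ROBLOSECURITY`, and the premise that the endpoint issues the token only in response to POST are assumptions.

```php
<?php
// Added example. Assumption: the endpoint issues X-CSRF-TOKEN in response to
// POST (the method the Python session.post() call uses), not to GET.

// Turn a raw header block into a lowercase-keyed map; header names are
// case-insensitive, so "X-CSRF-Token" and "x-csrf-token" must both match.
function parse_headers(string $raw): array
{
    $headers = [];
    foreach (preg_split('/\r?\n/', trim($raw)) as $line) {
        if (strpos($line, ':') === false) {
            continue; // status line or blank separator
        }
        [$name, $value] = explode(':', $line, 2);
        $headers[strtolower(trim($name))] = trim($value);
    }
    return $headers;
}

// Hypothetical helper: POST with the session cookie, return the token or null.
function fetch_csrf_token(string $cookie): ?string
{
    $curl = curl_init('https://auth.roblox.com/');
    curl_setopt_array($curl, [
        CURLOPT_POST           => true, // without this, cURL sends a GET
        CURLOPT_POSTFIELDS     => '',
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_HEADER         => true,
        CURLOPT_COOKIE         => '.ROBLOSECURITY=' . $cookie,
        CURLOPT_HTTPHEADER     => ['Content-Type: application/json'],
    ]);
    $response = curl_exec($curl);
    if ($response === false) {
        throw new RuntimeException('cURL error: ' . curl_error($curl));
    }
    $headerSize = curl_getinfo($curl, CURLINFO_HEADER_SIZE);
    return parse_headers(substr($response, 0, $headerSize))['x-csrf-token'] ?? null;
}

// Constructed sample header block: checks the parser without network access.
$sample = "HTTP/1.1 200 OK\r\nServer: Kestrel\r\nX-CSRF-Token: constructed-value\r\n\r\n";
var_dump(parse_headers($sample)['x-csrf-token'] ?? null);

// Hypothetical env var name; keeps the session cookie out of the source file.
$cookie = getenv('ROBLOSECURITY');
if ($cookie !== false) {
    echo fetch_csrf_token($cookie) ?? 'no x-csrf-token header', PHP_EOL;
}
```

Reading the cookie from the environment keeps a credential that grants full account access out of version control and pasted snippets.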