I’m trying to get the list of owners for a limited item using the Inventory API. The problem is, the “owner” key returns nil if viewed by a guest user. How do I properly pass in a cookie to complete this request?
What’s the script you’re using currently that returns nil?
I am not sure about this, but you need pass a header called cookie in RequestAsync
local cookie = ""
local response = HttpService:RequestAsync(
{
Url = "http://roblox.com",
Method = "GET",
Headers = {
["cookie"] = ".ROBLOSECURITY=" ..cookie
},
})
print(response.Body)
It appears sending the ROBLOSECURITY token in the value of the cookie header returns this error.
Header "cookie" has unallowed character "|" in value
This is true, but you can easily bypass this using a proxy such as rproxy.xyz (although I wouldn’t pass a cooke through a public proxy).
Make sure that the .ROBLOSECURITY
value you’re trying to send is exact, you also do not need the warning (inbetween and including the _| and |_) in the value.
also make sure the value isn’t being sent as .ROBLOSECURITY=.ROBLOSECURTY=(...)
Do not send your ROBLOSECURITY through a proxying service unless you yourself host it. I wouldn’t trust any free proxying service not to track requests, just as a general security best practice, even though I don’t necessarily think this specific one is malicious.
You do; that’s part of the cookie. The special characters like |
need to be properly escaped, though.
To add onto what rogchamp was saying:
rprxy is open source. Even if it’s open source, you can’t really trust that their website is using the open source code or know what’s going on behind the scenes. However because it is open source you can use it to host your own proxy server. I’ve read through the source code and there’s nothing suspicious. Seems like a solid project.
yes, it may still be part of the cookie but Roblox’s webserver still ignores it anyways. I’ve tested this on a browser and application level, still authenticated with and without the warning.
My script is now working as intended after I removed the warning. Thanks for the help.