HttpService Request not working

Help and Feedback Scripting Support
#1

Hello,Developers

Is there anything wrong with my script because the script told me to specify a header and I did it it even told me Missing required request header. Must specify one of: origin, x-requested-with and I did as you can see in this script

local Module = {}
	
	local HttpService = game:GetService("HttpService");
	local Proxy = "https://cors-anywhere.herokuapp.com/"
	function Module:GetApi(Link)
		
		local Data = {
		    Url = Proxy..Link;
		    Method = "GET";
		    Headers = 
		    {
		        ["x-requested-with"] = "XMLHttpRequest";
		    };
		};

		local Success,Respond = pcall(HttpService.RequestAsync,HttpService,Data)
		if not (Success) then
			warn("Something went wrong : "..tostring(Respond));
			return;
		end
		if (Respond == nil) then
			warn("We did not receive any data from this website : "..Link);
			return;
		end
		for i,v in next,Respond do
			print(i)
			print(v)
		end
		if(Respond and Success and Respond.StatusCode == 200) then
			return Respond;
		end
	end
return Module

And when I added that header and tested my game this is what I got in output.
image

Does anyone know how to solve it?

Need help with string.match()
#2

The first point to be aware of is that this is not a HTTP protocol requirement and you are not doing anything wrong from the HTTP protocol’s prospective. However, herokuapp has some application level rules that you need to adhere to. As explained on their top level directory index page:

Now normally the Origin header is protected by browsers to prevent cross site scripting attacks. Browsers wont allow you edit it for security reasons; however, Roblox allows you to set this header. The question then becomes, “what should I set the origin header to?” It seems like you should be able to set this header to anything and the only quality of the header that is important is its presence. This is a CORS proxy, meaning it is supposed to allow Cross-Origin-Resource-Sharing so the origin shouldn’t restrict access to resources. In addition, XMLHttpRequests are a common method of sending requests (used in javascript in browsers to allow AJAX and similar requests) and the header you have is also valid. Which leads me to my conclusion:

Nothing is ‘wrong’ with your script.

However, the website you are trying to access (not shown here) does have a beef with your script. It is likely, that the server which you are contacting requires some form of authentication which your script has not provided. If you are trying to access an authenticated Roblox endpoint then you will have trouble because Roblox uses cookies for authentication which the CORS-anywhere documentation mentioned above says this about:

Other forms of authentication may be using a unique URL, headers, URL parameters, or in some cases a special payload format (URL or JSON encoded perhaps).

So, what server are you trying to access?

Edit: Also, could you post the contents of the ‘Headers’ table in the response dictionary? While 403 errors are supposed to return a reason in the body of the request as stated in RFC 7231 6.5.3, some servers put additional information in the response headers. Our response body is empty, so hopefully the headers provide some information.

1 Like
#3

image
image796×513 10.1 KB

#4

I am trying to get users profile description.

local Players = game:GetService("Players");
local Module = require(script.HttpService);

Players.PlayerAdded:Connect(function(plr)
	local Profile = Module:GetApi("https://cors-anywhere.herokuapp.com/https://www.roblox.com/users/"..plr.UserId.."/profile");
	print(string.match(Profile,"Join Date<p class=text-lead>(.*?)<li"))
end)
#5

Ah, after some testing I figured out the problem. When a request is sent to Roblox with the Roblox-ID header set (automatically sent from studio / game servers and cannot be changed) then the server always responds with a 403. To fix this, you’ll need to either not access the Roblox website from within Roblox (as they want) or use a proxy which strips this header. I’ve heard good things of https://rprxy.xyz

1 Like
#6

Can you give me simple example?

I am straggling a little bit.

1 Like
#7

For this proxy, you just replace roblox.com with rprxy.xyz. I believe it works for subdomains as well. Here is your original script edited to use it:

local Module = {}
	
	local HttpService = game:GetService("HttpService");
	local Proxy = "https://rprxy.xyz/"
	function Module:GetApi(Link)
		
		local Data = {
		    Url = Proxy..Link;
		};

		local Success,Respond = pcall(HttpService.RequestAsync,HttpService,Data)
		if not (Success) then
			warn("Something went wrong : "..tostring(Respond));
			return;
		end
		if (Respond == nil) then
			warn("We did not receive any data from this website : "..Link);
			return;
		end
		for i,v in next,Respond do
			print(i)
			print(v)
		end
		if(Respond and Success and Respond.StatusCode == 200) then
			return Respond;
		end
	end
return Module

The link would just be ‘users/963188195/profile’

3 Likes