NastyCore
November 15, 2020, 1:24pm
#1
(python)
however I found out that since 3-4 days ago, it gave me a keyerror when trying to get the token. So I decided to print the header and this is what I got
{'cache-control', 'content-type': 'application/json; charset=utf-8', 'server': 'Microsoft-IIS/8.5', 'x-aspnetmvc-version':, 'x-frame-options':', 'access-control-allow-credentials': , 'x-aspnet-version':, 'x-powered-by':, 'p3p':, 'date': 'Sun, 15 Nov 2020 13:21:40 GMT', 'content-length': , 'x-rblx-pop':'}
and I dont see the x-csrf-token here.
Can anybody help me?
dollychun
November 15, 2020, 1:28pm
#2
Are you using logout endpoint?
1 Like
NastyCore
November 15, 2020, 1:33pm
#3
I was using the api
https://www.roblox.com/api/item.ashx?
it no longer seems to return csrf aswell…
Do you know any other api that returns the token or other way to obtain it?
dollychun
November 15, 2020, 1:37pm
#4
I feel that endpoints that don’t need cookies no longer return csrf tokens
NastyCore
November 15, 2020, 1:37pm
#5
Do you have any idea how to obtain those in that case?
dollychun
November 15, 2020, 1:40pm
#6
auth.roblox.com/v2/logout seems to succeed.
// Includes
const getHash = require('./getHash.js').func
const http = require('./http.js').func
const cache = require('../cache')
const options = require('../options.js')
// Args
exports.optional = ['jar']
// Define
function getGeneralToken (jar) {
if (!jar && !options.jar.session) {
throw new Error('Cannot get CSRF: You are not logged in.')
}
const httpOpt = {
// This will never actually sign you out because an X-CSRF-TOKEN isn't provided, only received
url: '//auth.roblox.com/v2/logout', // REQUIRES https. Thanks for letting me know, ROBLOX...
options: {
resolveWithFullResponse: true,
method: 'POST',
jar: jar
2 Likes
NastyCore
November 15, 2020, 1:44pm
#7
my current code
import requests
cookie='fakecookie'
print(requests.post("https://auth.roblox.com/v2/logout", headers={'Cookie':cookie}).headers['X-CSRF-TOKEN'])
keyerror
https://gyazo.com/6c15cebaff1318514405083fc67b8eff
dollychun
November 15, 2020, 1:47pm
#8
NastyCore:
cookie='fakecookie'
I don’t think its need cookie, so try this:
import requests
print(requests.post("https://auth.roblox.com/v2/logout").headers['X-CSRF-TOKEN'])
NastyCore
November 15, 2020, 1:51pm
#9
Weird… doesn’t seem to work
I’ll leave this thread open for those wanting to contribute!
NachtHemd
November 15, 2020, 2:25pm
#10
Whats the response code youre getting?
NastyCore
November 15, 2020, 2:40pm
#11
Its a keyerror the same as the console picture I posted earlier
Edit: I’ll check the response code tmrw(misread)
NastyCore
November 15, 2020, 3:00pm
#12
I just checked and I’m getting the response code of 401
dollychun
November 15, 2020, 3:01pm
#13
I found problem, its need real cookie with .ROBLOSECURITY!
1 Like
NachtHemd
November 15, 2020, 3:04pm
#14
Yeah it’s probably because your cookie only has the value string and not the key string .ROBLOSECURITY as well. If youre using headers instead of cookies in python requests, you have to include both in the string as KEY=VALUE
NastyCore
November 16, 2020, 2:05am
#16
I dont see what you mean by real ROBLESECURITY…
xJon_as
January 4, 2021, 12:33pm
#17
@dollychun Have you had time to look into this in meantime?
xChris_vC
January 4, 2021, 12:39pm
#18
Probably he means with “real ROBLOSECURITY” a valid Roblox cookie. My own experiments showed that a Roblox cookie has to be available in order to get a CSRF token in return.
1 Like
airttq
January 7, 2021, 10:25pm
#19
Guys for me this didn’t work I suggest you use the logout auth api as your not really logging in or out because your using a cookie, that api returns a x-csrf-token
You can also just use https://auth.roblox.com , it will give session and ip based csrf tokens
