Not entirely true, if you look at my reply above, you can POST to that and it will throw a 403 and give a token, but when a SEC::<true> cookie is given it changes
1 Like
Ah, didn’t know that! That’s useful information 
It might be too late and more likely you’ve figured it out but here’s something for those who somehow got themselves into this thread. Just read the code and manage to figure out how it works:
Python 3.10.4
from bs4 import BeautifulSoup as htmlparser
import requests
cookies = "GuestData=guestdatacookie;.ROBLOSECURITY=roblosecuritycookie;OtherCookies=othercookievalues"
user_agent = "Google Chrome"
cookie_dict = {}
cookie_list = cookies.split(";")
for cookie in cookie_list:
cookie = cookie.strip()
cookie_name, cookie_value = cookie.split("=", 1)
cookie_dict[cookie_name] = cookie_value
http = requests.get("https://www.roblox.com/home", cookies=cookie_dict)
html = htmlparser(http.text, "html.parser")
csrf_tag = html.find("meta", {"name": "csrf-token"})
csrf_token = csrf_tag["data-token"]
print(csrf_token)
Goodluck!
2 Likes
For non-programmatic way, you can:
- Go to Roblox Home Page
- Hit CTRL + U, depends on what web browser you are using.
- Press CTRL + F and search for “csrf-token”.
You will find what you are looking for. But keep in mind that “X-CSRF-TOKEN” header changes over time and very quick.
Don’t see how this is a better solution than the logout endpoint - HTML parsing is completely unnecessary.
Has someone found a solution yet? I have been trying to fix this for the past week
1 Like