Roblox new way of getting x-csrf-token?

Not entirely true, if you look at my reply above, you can POST to that and it will throw a 403 and give a token, but when a SEC::<true> cookie is given it changes

1 Like

Ah, didn’t know that! That’s useful information :upside_down_face:

It might be too late and more likely you’ve figured it out but here’s something for those who somehow got themselves into this thread. Just read the code and manage to figure out how it works:

Python 3.10.4

from bs4 import BeautifulSoup as htmlparser
import requests

cookies = "GuestData=guestdatacookie;.ROBLOSECURITY=roblosecuritycookie;OtherCookies=othercookievalues"
user_agent = "Google Chrome"

cookie_dict = {}
cookie_list = cookies.split(";")
for cookie in cookie_list:
    cookie = cookie.strip()
    cookie_name, cookie_value = cookie.split("=", 1)
    cookie_dict[cookie_name] = cookie_value

http = requests.get("https://www.roblox.com/home", cookies=cookie_dict)
html = htmlparser(http.text, "html.parser")
csrf_tag = html.find("meta", {"name": "csrf-token"})
csrf_token = csrf_tag["data-token"]

print(csrf_token)

Goodluck!

2 Likes

For non-programmatic way, you can:

  • Go to Roblox Home Page
  • Hit CTRL + U, depends on what web browser you are using.
  • Press CTRL + F and search for “csrf-token”.

You will find what you are looking for. But keep in mind that “X-CSRF-TOKEN” header changes over time and very quick.

Don’t see how this is a better solution than the logout endpoint - HTML parsing is completely unnecessary.

Has someone found a solution yet? I have been trying to fix this for the past week

1 Like