Unallowed character "|"

TheH0meLands · April 28, 2022, 9:04pm

I’m trying to make this API request where it’ll create a new dev product. My issue is that I keep on getting the error failed to make donation for reason of: Header "X-CSRF-TOKEN" has unallowed character "|" in value.

This is my request code:;

local request = httpService:RequestAsync({
				Url = string.format(
					"https://develop.roproxy.com/v1/universes/%d/developerproducts?name=324&description=s&priceInRobux=%d",
					universeId,
					amount
				),
				Method = "POST",
				Headers = {
					["X-CSRF-TOKEN"] = TOKEN,
				}
			})

Also My token is my .ROBLOSECURITY and I made sure, idk what to do so any help is appreciated!

MeCrunchAstroX · April 28, 2022, 9:20pm

As it says, It contains the “|” character inside the Token. The best thing you can do is Double-check it and if possible, Try removing it from the token by using string.match and string.sub.

TheH0meLands · April 28, 2022, 9:28pm

if I do that then it would invalidate my cookie(im pretty sure)

heII_ish · April 28, 2022, 9:41pm

The csrf token and your .ROBLOSECURITY cookie are two different things.

You can get the csrf token from the response headers if your request was declined due to a missing/expired csrf token, and your .ROBLOSECURITY should go into a different header named “Cookie”

Headers = {
    ["X-CSRF-TOKEN"] = TOKEN,
    ["Cookie"] = ".ROBLOSECURITY=" .. Cookie
}

And you shouldn’t be passing your cookie through a proxy you don’t own…

TheH0meLands · April 28, 2022, 9:55pm

Thanks, but the error still happens when I add the Cookie header. Is there anyway to solve this?

heII_ish · April 28, 2022, 10:03pm

The csrf token shouldn’t have a “|” to begin with because I’m pretty sure roblox uses tokens that only contain letters and numbers. Are you getting the token from the response headers and passing it to the headers of the new request? What does your new code look like?

(The Csrf Token is not the same as your .ROBLOSECURITY . . .)

TheH0meLands · April 28, 2022, 10:07pm

I was talking abt the Coookie header. But which endpoint would I have to use to get the CSRF token(sorry im new to http service)

Sure thing!

local httpService = game:GetService("HttpService")
local function getUniverseId(placeId:number)
	local request = httpService:RequestAsync({
		Url = string.format("https://api.roproxy.com/universes/get-universe-containing-place?placeid=%.14g", placeId)
	})
	print(httpService:JSONDecode(request.Body).UniverseId)
	return httpService:JSONDecode(request.Body).UniverseId -- decode the data from json to a table
end

local TOKEN = "my token"

game.ReplicatedStorage:WaitForChild("Donate").OnServerInvoke = function(player, amount:number)
	amount = tonumber(amount)
	if amount then
		local universeId = getUniverseId(game.PlaceId)
		local success, id = pcall(function()
			local request = httpService:RequestAsync({
				Url = string.format(
					"https://develop.roproxy.com/v1/universes/%d/developerproducts?name=324&description=s&priceInRobux=%d",
					universeId,
					amount
				),
				Method = "POST",
				Headers = {
					["Cookie"] = ".ROBLOSECURITY=" .. TOKEN,
				}
			})
			print(request.Body)
			return httpService:JSONDecode(request.Body)		
		end)
		if success and id then
			 return id
		end
		if not success then
			warn(string.format("failed to make donation for reason of: %s", id))
			return nil
		end
	end
end

thanks for all your help up to this point

heII_ish · April 28, 2022, 10:11pm

Try removing “_|WARNING:-DO-NOT-SHARE-THIS …” from the cookie and see if you still get the error message

TheH0meLands · April 28, 2022, 10:14pm

That fixes the error but now I get an Authorization has been denied for this request error now.

heII_ish · April 28, 2022, 10:18pm

Did you remove the entire thing starting from _| and ending with |_? You should only have a bunch of letters and numbers in your cookie. If you do then make sure you have the correct cookie

TheH0meLands · April 28, 2022, 10:19pm

Yes I did.

let me check again, thanks for all ur help btw

TheH0meLands · April 28, 2022, 10:20pm

I ended up having the wrong cookie. I changed it to the correct cookie but now I get a different error: Token Validation Failed

heII_ish · April 28, 2022, 10:22pm

That means your csrf token is invalid or missing, you can usually get the token from response.Headers["x-csrf-token"]

TheH0meLands · April 28, 2022, 10:23pm

thanks, now everything works fine now. Thanks for all ur help

edit: for any future readers, if you can’t get ur csrf token this way, just go to the home page and inspect then search for “csrf-token” which has the csrf token.

heII_ish · April 28, 2022, 10:31pm

Fyi, the token will eventually expire so you would either need to manually get it again everyday (or whenever it expires) or just do it programmatically like I already told you

When your request fails because of invalid token

local request = httpService:RequestAsync({
	Url = string.format(
		"https://develop.roproxy.com/v1/universes/%d/developerproducts?name=324&description=s&priceInRobux=%d",
		universeId,
		amount
	),
	Method = "POST",
	Headers = {
		["Cookie"] = ".ROBLOSECURITY=" .. TOKEN,
	}
})

You should be able to get the csrf token that the server generated for you like so

local CsrfToken = request.Headers["x-csrf-token"]

And then reissue the same exact request with the new token in the headers

local request = httpService:RequestAsync({
	Url = string.format(
		"https://develop.roproxy.com/v1/universes/%d/developerproducts?name=324&description=s&priceInRobux=%d",
		universeId,
		amount
	),
	Method = "POST",
	Headers = {
		["Cookie"] = ".ROBLOSECURITY=" .. TOKEN,
		["x-csrf-token"] = CsrfToken
	}
})

Also, you should probably change the name of the variable that holds the response data from “request” to “response” so you don’t get confused later on (because it’s response data from the server, not a request)