Roblox blocks HttpService requests that go to the Roblox domain (see HttpService Restrictions). The only way you’d be able to do this from within Roblox is to go through a proxy server.
I did a little bit of testing, and it seems like the problem is that the __RequestVerificationToken cookie also needs to be set, otherwise it will return a 500 error.
Edit: did some more digging, and looks like to get that cookie, you can send a GET request to https://www.roblox.com/develop, and it will return that cookie. Then you can send the request to https://www.roblox.com/build/upload?assetTypeId=13 with the cookies it returned.
Is there a reason for this? Being able to use HttpService requests could be very useful in some cases. A use case would be promoting a user in a group automatically after they finish a certain task.
It is not returning any cookie for me. Just the HTML content of the page. Could you give me an example of how I would pass the image from a directory, to the upload url?
Hello everyone,
I’ve had multiple people asking me via DMs if I ever figured out how to do this. I actually did come up with a solution to this a while back, when I was helping out EgoMoose with a project. I must have forgotten about this unsolved post I made though.
Here is the slab of python code I came up with:
import requests
import os
from bs4 import BeautifulSoup
from time import sleep
import urllib3; urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
class DecalClass():
def __init__(self, cookie, location, name):
self.goose = requests.Session()
self.goose.cookies.update({
'.ROBLOSECURITY': cookie #set .ROBLOSECURITY cookie for authentication
})
self.goose.headers.update({
"User-Agent": "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134", #might as well use a User Agent
})
self.location = location
self.name = name
def getToken(self): #get verification token function
homeurl= 'https://www.roblox.com/build/upload' #this is the upload endpoint
response = self.goose.get(homeurl, verify=False)
try:
soup = BeautifulSoup(response.text, "lxml")
veri = soup.find("input", {"name" : "__RequestVerificationToken"}).attrs["value"] #parse out the verification token from the HTML
except NameError:
print(NameError)
return False
return veri
def upload(self):
files = {'file': ('lol.png', open(self.location, 'rb'), 'image/png')} #add our image as files data
data = {
'__RequestVerificationToken': self.getToken(),
'assetTypeId': '13', #we use assetTypeId '13' because 13 is the id for Decals
'isOggUploadEnabled': 'True',
'isTgaUploadEnabled': 'True',
'onVerificationPage': "False",
"captchaEnabled": "True",
'name': self.name
}
try:
response = self.goose.post('https://www.roblox.com/build/upload', files=files, data=data) #make the request
except:
print("error is making request")
#here are the things you must change
ROBLOSECURITY = "" # You also need to be authenticated into the account you want to upload the Decal from. This can be done by passing the .ROBLOSECURITY associated with your cookie as data in your request, as I done in this code.
filelocation = "cookie.png" #this is the directory to your image to upload. Note that the image must be in the same directory as this .py file.
name = "yummy cookie"
Decal = DecalClass(ROBLOSECURITY, filelocation, name)
Decal.upload()
For the code above to work, you’ll want to have your image in the same directory as the .py file containing the code above.
When the code in your .py is run, your image will be uploaded to the roblox site.
Should have picked a image with a more square aspect ratio. Now we have a squished cookie
Sorry that I forgot to come back to this post! Hopefully this example proves useful to those still trying to figure this out.