Comments (3)
hadley
commented on May 19, 2024
I'm pretty sure that this is an https security thing - https requests do not include referers.
from httr.
br00t999
commented on May 19, 2024
You're right in that the relevant RFC prohibits passing of a Referer header from an HTTPS to an HTTP url. However, part of the CSRF protections included in the Django web app framework include strict HTTPS referer checking ( see: https://docs.djangoproject.com/en/dev/ref/contrib/csrf/ ):
"In addition, for HTTPS requests, strict referer checking is done by CsrfViewMiddleware. This is necessary to
address a Man-In-The-Middle attack that is possible under HTTPS when using a session independent nonce,
due to the fact that HTTP ‘Set-Cookie’ headers are (unfortunately) accepted by clients that are talking to a site
under HTTPS. (Referer checking is not done for HTTP requests because the presence of the Referer header is
not reliable enough under HTTP.)"
I haven't dug into the code, but I imagine the filter you're referring to would be somewhere in the RCurl package. I'll try to hack around it :-)
from httr.
hadley
commented on May 19, 2024
It might actually be built into curl - I'd see if you can repeat the behaviour from the command line. But it's possible what you are trying to do is exactly what django is trying to stop you from doing ;)
from httr.
Related Issues (20)
- httr POST is failing timeout
- Error in curl fetch memory port 443 timed out HOT 1
- POST request returns XML rather than JSON HOT 1
- Release httr 1.4.4
- Error in retry doc
- Can't POST image usign httr HOT 1
- POST request containing dollar sign blocked when content_type_json() is applied HOT 1
- more docs on creating a complex request body HOT 1
- Add mime type qs::qread() to httr::content() HOT 1
- lexical error: invalid char in json text. HOT 1
- GET request with an empty header HOT 1
- Vectorise functions HOT 1
- Can't get content for FTP directory listing HOT 4
- OAuth callback url is encoded while it shouldn't.
- R CMD check failure on musl-based systems HOT 1
- Release httr 1.4.5
- is.character(headers) is not TRUE HOT 1
- httr & use_proxy vs RCurl behaviour difference HOT 1
- Forbidden with httr, but works with py requests HOT 7
- Release httr 1.4.6
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from httr.