Using PHP cURL to get CSRF-Token from URL and post it to another URL within the same session

问题

I'm trying to create a queue system based on information gathered from supermariomakerbookmark.nintendo.net website. First, I make a GET request in the URL https://supermariomakerbookmark.nintendo.net/courses/7E00-0000-0220-574B to find the CSRF-Token, present in the field:

<meta name="csrf-token" content="xxxxxx">

After that, I need to make a POST request to https://supermariomakerbookmark.nintendo.net/courses/7E00-0000-0220-574B/play_at_later, passing the CSRF-Token and the Cookie in the Header. The cookie is provided by the user, and it is retrieved from the database.

Here is my code:

$cookie = DB::table('CONFIG')->select('cookies')->first()->cookies;

// get csrf token
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://supermariomakerbookmark.nintendo.net/courses/$id");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
$html = curl_exec($ch);

$dom = new \DOMDocument();
libxml_use_internal_errors(true);
$dom->loadHTML($html);

$metas = $dom->getElementsByTagName('meta');

for ($i = 0; $i < $metas->length; $i++){
  $meta = $metas->item($i);
  if($meta->getAttribute('name') == 'csrf-token')
    $csrfToken = $meta->getAttribute('content');
}

$headers = array();
$headers[] = "X-CSRF-Token: $csrfToken";
$headers[] = "Cookie: $cookie";

curl_setopt($ch, CURLOPT_URL, "https://supermariomakerbookmark.nintendo.net/courses/$id/play_at_later");
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $headers);

$ret = curl_exec($ch);

But it's not working, The curl POST request is returning a custom 500 error page instead of the 200 OK. I'm executing this code inside a Controller in Laravel.

If I try to make the POST request using Postman, it works. Ant ideia on how to make it work?

回答1:

I had a similar problem with another webservice. In my case the problem was the name of the header.

Try to change this code and test it:

$headers = array();
$headers[] = "Cookie: X-CSRF-Token=$csrfToken";
$headers[] = "Cookie: X-CSRF-Token=$cookie";

来源：https://stackoverflow.com/questions/39107375/using-php-curl-to-get-csrf-token-from-url-and-post-it-to-another-url-within-the