Python 请求 WWW-Authenticate 在 headers 中丢失
Python requests WWW-Authenticate missing in headers
我正在尝试使用 Python 的请求库在 GET 请求后访问 WWW-Authenticate header。当我在 Postman 中执行此操作时,它 returns 它但在 Python 中它没有。
Python:
import requests
from requests.auth import HTTPBasicAuth
headers = {
# "Python-Token": "<calculated when request is sent>",
# "Host": "<calculated when request is sent>",
"Accept": "application/json, */*",
"User-Agent": "PythonRuntime/3.9.7",
# "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Safari/537.36",
"Accept-Encoding": "gzip, deflate, br",
"Connection": "keep-alive",
"Access-Control-Expose-Headers": "x-WWW-Authenticate",
'x-requested-with': 'XMLHttpRequest',
'sec-fetch-site': 'same-origin',
'sec-fetch-mode': 'cors',
"Authorization": "Bearer"
}
site = "https://YourSPOSiteURL/_vti_bin/client.svc/"
auth = HTTPBasicAuth('something@email.com', 'somepasswordhere')
headers = dict( requests.get(f"{site}/_vti_bin/client.svc/", auth=auth).headers )
headers:
{'Cache-Control': 'private, max-age=0',
'Content-Length': '0',
'Content-Security-Policy': "frame-ancestors 'self' teams.microsoft.com "
'*.teams.microsoft.com *.skype.com '
'*.teams.microsoft.us local.teams.office.com '
'*.powerapps.com *.yammer.com '
'*.officeapps.live.com *.office.com '
'*.stream.azure-test.net *.microsoftstream.com '
'*.dynamics.com;',
'Date': 'Fri, 04 Feb 2022 14:53:16 GMT',
'Expires': 'Thu, 20 Jan 2022 14:53:16 GMT',
'Last-Modified': 'Fri, 04 Feb 2022 14:53:16 GMT',
'MS-CV': 'xxxxxxxxxxxxx.0',
'MicrosoftSharePointTeamServices': 'xx.x.x.xxxxx',
'P3P': 'CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR '
'SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"',
'SPRequestGuid': '697da8340-a0d3-30123-9fc9-98c88419387426',
'Server': 'Microsoft-IIS/10.0',
'Strict-Transport-Security': 'max-age=31536000',
'Vary': 'Origin',
'X-AspNet-Version': '4.0.xxxxx',
'X-Content-Type-Options': 'nosniff',
'X-FRAME-OPTIONS': 'SAMEORIGIN',
'X-MS-InvokeApp': '1; RequireReadOnly',
'X-Powered-By': 'ASP.NET',
'X-SharePointHealthScore': '2',
'request-id': '697da8340-a0d3-30123-9fc9-98c88419387426'}
邮递员:
我已经尝试了我能找到的每个 headers 参数,但似乎无法 return 我需要的 WWW-Authenticate 响应 header...任何帮助将不胜感激。
编辑:
在 Postman 中,它看起来是 headers get 请求中的 Host 键,它在响应 headers 中生成 WWW-Authenticate。当我删除它时(在邮递员中)我在响应 headers 中只得到少数 headers。但是我如何在 Python 的请求库中复制它?
这是将鼠标悬停在 GET 中的 Host header 上时显示的内容:
将请求headers传递给服务器:
# requests.get(f"{site}/_vti_bin/client.svc/", auth=auth)
requests.get(f"{site}/_vti_bin/client.svc/", headers=headers, auth=auth)
您在发送请求时没有使用 header 的字典。
您可以轻松调试访问请求时实际发送的内容属性,而无需其他软件
response = requests.get(
f"{site}/_vti_bin/client.svc/",
auth=('something@email.com', 'somepasswordhere'),
headers=headers,
)
print(response.request.headers)
print(response.headers)
因此您可以检查所有这些额外的 header(但不包括主机 header https://whosebug.com/a/57771006/11715259)
见https://docs.python-requests.org/en/latest/user/advanced/#prepared-requests
但是,我真的建议您习惯于使用反向代理进行调试。
https://mitmproxy.org/ 非常适合这个,如果您只使用 http 协议,它比 tcpdump/wireshark 有趣得多。
When I do this in Postman it returns it but in Python, it doesn't.
您只将基本身份验证参数传递给您的请求。
您应该提供由 Postman 设置的 headers 以获得类似的响应。
import requests
headers = {
"Accept": "application/json, */*",
"User-Agent": "PythonRuntime/3.9.7",
"Accept-Encoding": "gzip, deflate, br",
"Connection": "keep-alive",
"Access-Control-Expose-Headers": "x-WWW-Authenticate",
"x-requested-with": "XMLHttpRequest",
"sec-fetch-site": "same-origin",
"sec-fetch-mode": "cors",
"Authorization": "Bearer <token>"
}
response = requests.get(
url="https://YourSPOSiteURL/_vti_bin/client.svc/",
auth=("something@email.com", "somepasswordhere"),
headers=headers
)
print(response.headers.get("WWW-Authenticate"))
我正在尝试使用 Python 的请求库在 GET 请求后访问 WWW-Authenticate header。当我在 Postman 中执行此操作时,它 returns 它但在 Python 中它没有。
Python:
import requests
from requests.auth import HTTPBasicAuth
headers = {
# "Python-Token": "<calculated when request is sent>",
# "Host": "<calculated when request is sent>",
"Accept": "application/json, */*",
"User-Agent": "PythonRuntime/3.9.7",
# "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Safari/537.36",
"Accept-Encoding": "gzip, deflate, br",
"Connection": "keep-alive",
"Access-Control-Expose-Headers": "x-WWW-Authenticate",
'x-requested-with': 'XMLHttpRequest',
'sec-fetch-site': 'same-origin',
'sec-fetch-mode': 'cors',
"Authorization": "Bearer"
}
site = "https://YourSPOSiteURL/_vti_bin/client.svc/"
auth = HTTPBasicAuth('something@email.com', 'somepasswordhere')
headers = dict( requests.get(f"{site}/_vti_bin/client.svc/", auth=auth).headers )
headers:
{'Cache-Control': 'private, max-age=0',
'Content-Length': '0',
'Content-Security-Policy': "frame-ancestors 'self' teams.microsoft.com "
'*.teams.microsoft.com *.skype.com '
'*.teams.microsoft.us local.teams.office.com '
'*.powerapps.com *.yammer.com '
'*.officeapps.live.com *.office.com '
'*.stream.azure-test.net *.microsoftstream.com '
'*.dynamics.com;',
'Date': 'Fri, 04 Feb 2022 14:53:16 GMT',
'Expires': 'Thu, 20 Jan 2022 14:53:16 GMT',
'Last-Modified': 'Fri, 04 Feb 2022 14:53:16 GMT',
'MS-CV': 'xxxxxxxxxxxxx.0',
'MicrosoftSharePointTeamServices': 'xx.x.x.xxxxx',
'P3P': 'CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR '
'SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"',
'SPRequestGuid': '697da8340-a0d3-30123-9fc9-98c88419387426',
'Server': 'Microsoft-IIS/10.0',
'Strict-Transport-Security': 'max-age=31536000',
'Vary': 'Origin',
'X-AspNet-Version': '4.0.xxxxx',
'X-Content-Type-Options': 'nosniff',
'X-FRAME-OPTIONS': 'SAMEORIGIN',
'X-MS-InvokeApp': '1; RequireReadOnly',
'X-Powered-By': 'ASP.NET',
'X-SharePointHealthScore': '2',
'request-id': '697da8340-a0d3-30123-9fc9-98c88419387426'}
邮递员:
我已经尝试了我能找到的每个 headers 参数,但似乎无法 return 我需要的 WWW-Authenticate 响应 header...任何帮助将不胜感激。
编辑:
在 Postman 中,它看起来是 headers get 请求中的 Host 键,它在响应 headers 中生成 WWW-Authenticate。当我删除它时(在邮递员中)我在响应 headers 中只得到少数 headers。但是我如何在 Python 的请求库中复制它?
这是将鼠标悬停在 GET 中的 Host header 上时显示的内容:
将请求headers传递给服务器:
# requests.get(f"{site}/_vti_bin/client.svc/", auth=auth)
requests.get(f"{site}/_vti_bin/client.svc/", headers=headers, auth=auth)
您在发送请求时没有使用 header 的字典。
您可以轻松调试访问请求时实际发送的内容属性,而无需其他软件
response = requests.get(
f"{site}/_vti_bin/client.svc/",
auth=('something@email.com', 'somepasswordhere'),
headers=headers,
)
print(response.request.headers)
print(response.headers)
因此您可以检查所有这些额外的 header(但不包括主机 header https://whosebug.com/a/57771006/11715259)
见https://docs.python-requests.org/en/latest/user/advanced/#prepared-requests
但是,我真的建议您习惯于使用反向代理进行调试。
https://mitmproxy.org/ 非常适合这个,如果您只使用 http 协议,它比 tcpdump/wireshark 有趣得多。
When I do this in Postman it returns it but in Python, it doesn't.
您只将基本身份验证参数传递给您的请求。
您应该提供由 Postman 设置的 headers 以获得类似的响应。
import requests
headers = {
"Accept": "application/json, */*",
"User-Agent": "PythonRuntime/3.9.7",
"Accept-Encoding": "gzip, deflate, br",
"Connection": "keep-alive",
"Access-Control-Expose-Headers": "x-WWW-Authenticate",
"x-requested-with": "XMLHttpRequest",
"sec-fetch-site": "same-origin",
"sec-fetch-mode": "cors",
"Authorization": "Bearer <token>"
}
response = requests.get(
url="https://YourSPOSiteURL/_vti_bin/client.svc/",
auth=("something@email.com", "somepasswordhere"),
headers=headers
)
print(response.headers.get("WWW-Authenticate"))