0

I'm trying to make a POST request script in Python which will send data to database automatically. Since my web application (made in Django) is still in progress (on localhost) I tried to send this POST request from another computer on same network via IPv4:port.

While doing this I get HTTP Error 500: Internal server error with traceback to the line "response = urllib2.urlopen(req)" My script looks like this:

import urllib, urllib2, cookielib
import re

cookie_jar = cookielib.CookieJar()
opener = urllib2.build_opener(urllib2.HTTPCookieProcessor(cookie_jar))
urllib2.install_opener(opener)

url_1 = 'http://192.168.1.104:8000/legacy'
req = urllib2.Request(url_1)
rsp = urllib2.urlopen(req)


url_2 = 'http://192.168.1.104:8000/legacy'
params = {
    'temperature_max' : '186',
    'temperature_min' : '88',
    'submit': 'Submit',
    }

data = urllib.urlencode(params)
req = urllib2.Request(url_2, data)
response = urllib2.urlopen(req)
the_page = response.read()
pat = re.compile('Title:.*')
print pat.search(the_page).group()

On the other computer that is hosting the server I get the following error:

    Exception happened during processing of request from ('192.168.1.65', 56996)
    Traceback (most recent call last):
  File "c:\python27\Lib\SocketServer.py", line 599, in process_request_thread
self.finish_request(request, client_address)
  File "c:\python27\Lib\SocketServer.py", line 334, in finish_request
self.RequestHandlerClass(request, client_address, self)
  File "C:\Users\Alex\Envs\rango\lib\site-packages\django\core\servers\basehttp.
py", line 129, in __init__
super(WSGIRequestHandler, self).__init__(*args, **kwargs)
  File "c:\python27\Lib\SocketServer.py", line 657, in __init__
self.finish()
  File "c:\python27\Lib\SocketServer.py", line 716, in finish
self.wfile.close()
  File "c:\python27\Lib\socket.py", line 283, in close
self.flush()
  File "c:\python27\Lib\socket.py", line 307, in flush
self._sock.sendall(view[write_offset:write_offset+buffer_size])
error: [Errno 10054] An existing connection was forcibly closed by the remote host

EDIT: I'd like to let you know that I can post data from the other computer to my database if I connect to my app with my browser.

user3053452
  • 657
  • 9
  • 35
  • Where did the CSRF token come from? Are you sure it is valid? – jsfan Feb 23 '16 at 11:37
  • Since it's my web app, I went to the page where I want to insert data, clicked "view source" and it was there in form. – user3053452 Feb 23 '16 at 11:42
  • That token is likely linked to a session. However, you are not copying the session cookie across which would make it invalid. – jsfan Feb 23 '16 at 11:44
  • Now that you say it, I checked the token I used and the token displayed in source, and they indeed are different. If I remove the token from my script I still get the same error, so what would you suggest me to do? – user3053452 Feb 23 '16 at 11:48
  • You can't just remove the token. You would have to make the method `@csrf_exempt` in your backend then. Fetch the form, extract the CSRF token and post the form. Of course, you will need to keep the session cookie across the requests. Have a read through [the docs](https://docs.djangoproject.com/en/1.9/ref/csrf/) to understand what CSRF tokens are and what they do. – jsfan Feb 23 '16 at 11:50
  • That it also fails in the same way when the CSRF token is _not_ presented indicates that the failure has nothing to do with CSRF. (Nevertheless you need to use a valid CSRF token.) Are you using the Django development server? Is there anything front-ending it, e.g. Apache, or perhaps a web application firewall that is objecting to the request? If so take a look in the logs of those intermediate servers – mhawke Feb 23 '16 at 12:08
  • yes I'm using Django's development server. I don't see anything that would be front-ending it, or I do not know where to look for this. – user3053452 Feb 23 '16 at 12:17
  • I edited my script, could both of you check it if it's ok, since I'm unsure about it, either way I still get http error 500. Just to be sure I even turned off firewall on both comps to see if this might be the cause, but it didn't help. – user3053452 Feb 24 '16 at 09:11

1 Answers1

0

You will need to get a session cookie and then read the generated cookie for that session.

The best way to go about that is to fetch the page with the form first, saving all cookies. You can use cookielib for that as demonstrated here. If you want to make life easier for yourself, use requests as well instead of urllib. The code then becomes a lot simpler.

To get the CSRF token, you can scrape the form page with BeautifulSoup. There are lots of tutorials for this which you can easily find on Google.

Community
  • 1
  • 1
jsfan
  • 1,333
  • 9
  • 20
  • I don't think that it's the CSRF token... if that were missing or unmatched HTTP response 403 would be returned, not 500. – mhawke Feb 23 '16 at 12:10
  • I would also expect another error code. But, if the CSRF token is invalid, it would definitely be firs suspect until ruled out. I have seen Django do strange things more than once. – jsfan Feb 23 '16 at 12:11
  • Are not requests from python 3.x? I am using 2.7, furthermore I still get the same error. – user3053452 Mar 02 '16 at 11:38