0

我正在尝试使用 Python 的请求库在 GET 请求后访问 WWW-Authenticate 标头。当我在 Postman 中执行此操作时,它会返回它,但在 Python 中它不会。

Python:

import requests
from requests.auth import HTTPBasicAuth

headers = {
    # "Python-Token": "<calculated when request is sent>",
    # "Host": "<calculated when request is sent>",
    "Accept": "application/json, */*", 
    "User-Agent": "PythonRuntime/3.9.7",
    # "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.106 Safari/537.36",
    "Accept-Encoding": "gzip, deflate, br", 
    "Connection": "keep-alive", 
    "Access-Control-Expose-Headers": "x-WWW-Authenticate",
    'x-requested-with': 'XMLHttpRequest',
    'sec-fetch-site': 'same-origin',
    'sec-fetch-mode': 'cors',
    "Authorization": "Bearer"
}
site = "https://YourSPOSiteURL/_vti_bin/client.svc/"
auth = HTTPBasicAuth('something@email.com', 'somepasswordhere')
headers = dict( requests.get(f"{site}/_vti_bin/client.svc/", auth=auth).headers )

headers

{'Cache-Control': 'private, max-age=0',
 'Content-Length': '0',
 'Content-Security-Policy': "frame-ancestors 'self' teams.microsoft.com "
                            '*.teams.microsoft.com *.skype.com '
                            '*.teams.microsoft.us local.teams.office.com '
                            '*.powerapps.com *.yammer.com '
                            '*.officeapps.live.com *.office.com '
                            '*.stream.azure-test.net *.microsoftstream.com '
                            '*.dynamics.com;',
 'Date': 'Fri, 04 Feb 2022 14:53:16 GMT',
 'Expires': 'Thu, 20 Jan 2022 14:53:16 GMT',
 'Last-Modified': 'Fri, 04 Feb 2022 14:53:16 GMT',
 'MS-CV': 'xxxxxxxxxxxxx.0',
 'MicrosoftSharePointTeamServices': 'xx.x.x.xxxxx',
 'P3P': 'CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR '
        'SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"',
 'SPRequestGuid': '697da8340-a0d3-30123-9fc9-98c88419387426',
 'Server': 'Microsoft-IIS/10.0',
 'Strict-Transport-Security': 'max-age=31536000',
 'Vary': 'Origin',
 'X-AspNet-Version': '4.0.xxxxx',
 'X-Content-Type-Options': 'nosniff',
 'X-FRAME-OPTIONS': 'SAMEORIGIN',
 'X-MS-InvokeApp': '1; RequireReadOnly',
 'X-Powered-By': 'ASP.NET',
 'X-SharePointHealthScore': '2',
 'request-id': '697da8340-a0d3-30123-9fc9-98c88419387426'}

邮差: 在此处输入图像描述

我已经尝试了我能找到的每个标头参数,但似乎无法返回我需要的 WWW-Authenticate 响应标头......任何帮助将不胜感激。

编辑:

在 Postman 中,它看起来是在响应标头中Host生成的标头获取请求中的关键。WWW-Authenticate当我(在 Postman 中)删除它时,我在响应标头中只得到了少数标头。但是我将如何在 Python 的 requests 库中复制它呢?

这是将鼠标悬停在Host标题上时所说的内容GET在此处输入图像描述

4

3 回答 3

1

将请求传递headers给服务器:

# requests.get(f"{site}/_vti_bin/client.svc/", auth=auth)
requests.get(f"{site}/_vti_bin/client.svc/", headers=headers, auth=auth)
于 2022-02-08T01:20:40.257 回答
1

发送请求时您没有使用该标头字典。

您可以轻松调试实际发送的内容,从您获得的响应中访问请求属性,而无需其他软件

response = requests.get(
    f"{site}/_vti_bin/client.svc/",
    auth=('something@email.com', 'somepasswordhere'),
    headers=headers,
)
print(response.request.headers)
print(response.headers)

因此您可以检查所有这些附加标头(但不能检查主机标头https://stackoverflow.com/a/57771006/11715259

请参阅https://docs.python-requests.org/en/latest/user/advanced/#prepared-requests

然而,我真的建议您习惯于使用反向代理进行调试。

https://mitmproxy.org/非常适合这个,如果你只使用 http 协议,它比 tcpdump/wireshark 好玩得多。

于 2022-02-08T06:08:06.713 回答
1

当我在 Postman 中执行此操作时,它会返回它,但在 Python 中,它不会。

您仅将基本身份验证参数传递给您的请求。您应该提供headersPostman 设置的对象以获得类似的响应。

import requests


headers = {
    "Accept": "application/json, */*",
    "User-Agent": "PythonRuntime/3.9.7",
    "Accept-Encoding": "gzip, deflate, br",
    "Connection": "keep-alive",
    "Access-Control-Expose-Headers": "x-WWW-Authenticate",
    "x-requested-with": "XMLHttpRequest",
    "sec-fetch-site": "same-origin",
    "sec-fetch-mode": "cors",
    "Authorization": "Bearer <token>"
}

response = requests.get(
   url="https://YourSPOSiteURL/_vti_bin/client.svc/",
   auth=("something@email.com", "somepasswordhere"),
   headers=headers
)

print(response.headers.get("WWW-Authenticate"))
于 2022-02-08T09:35:57.100 回答