Re: Bug in LWP? Missing cookie

Any insights into why UserAgent isn't grabbing the csrf cookie

That will be because the server isn't sending it:

$ HEAD https://panel.dreamhost.com/
200 OK
Connection: close
Date: Fri, 03 Aug 2018 12:38:47 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 3570
Content-Type: text/html; charset=ISO-8859-1
Client-Date: Fri, 03 Aug 2018 12:38:47 GMT
Client-Peer: 66.33.205.234:443
Client-Response-Num: 1
Client-SSL-Cert-Issuer: /C=US/ST=New Jersey/L=Jersey City/O=The USERTR
+UST Network/CN=USERTrust RSA Domain Validation Secure Server CA
Client-SSL-Cert-Subject: /OU=Domain Control Validated/OU=Provided by N
+ew Dream Network, LLC/OU=DreamHost Basic Wildcard SSL/CN=*.dreamhost.
+com
Client-SSL-Cipher: ECDHE-RSA-AES128-GCM-SHA256
Client-SSL-Socket-Class: IO::Socket::SSL
Set-Cookie: sh=uNdHXzI1jn8W6e_vwHeygjmCKkWEot6H8e-dVpMZcB60qqJallOrUn-
+2KlZ3; domain=panel.dreamhost.com; path=/; expires=Mon, 31-Jul-2028 0
+5:38:47 GMT; secure; HttpOnly
X-Frame-Options: DENY
[download]

Comment on Re: Bug in LWP? Missing cookie Download Code

Replies are listed 'Best First'.
Re^2: Bug in LWP? Missing cookie by bliako (Abbot) on Aug 03, 2018 at 12:47 UTC
Maybe the cookie is set after logging in?	[reply]
Re^2: Bug in LWP? Missing cookie by BernieC (Pilgrim) on Aug 03, 2018 at 15:44 UTC
I've now compared the POST that Firefox did with the POST that LWP did and there are no differences in the body of the message just the form fields NO difference in cookies {Dreamhost puts the csrf cookie in later... } So I checked all the headers. Every one I send FF sends. But FF sends, additionally httpVersion, host, User-Agent [FF sends "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:61.0) Gecko/20100101 Firefox/61.0, I just send Mozilla/5.0'), Acccept... , Accept-Language, Accept-Encoding, Content-type, Content-Length [LWP sent 'content-length' => 0, DNT, Connection, and Upgrade-Insecure-Requests. Do any of those sound like show stoppers for a picky server-login-CGI? I guess it must be one of those, because the cookie and form data is the same, so it can only be the headers. {even if it were a js problem, that would show up in differences between when FF sends and what LWP sends-- it looks like their js mostly just formats boxes and stuff like that on their page} I feel like I must be missing something obvious......	[reply]
Re^3: Bug in LWP? Missing cookie by Corion (Patriarch) on Aug 03, 2018 at 16:13 UTC
Usually, `csrf` stands for Csrf when doing HTTP. So likely, you will need that cookie. Maybe that cookie gets created by Javascript? Have you tried disabling Javascript in your browser and looked whether the site still works?	[reply] [d/l]