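CSRF verification in Android getting TypeError

Time: 2016-10-05 05:20:25

Tags: android android-studio

I am working on an app in which I need csrftoken verification. I receive cookies in every request and send them back again in every request. The request for which I need CSRF verification is below. I am also sending the CSRF token in the header and in the cookie using localContext. But I am getting a TypeError. The detailed error is given below. Likewise, when I send the csrftoken only in the header and no cookie with the request, I get 403 Forbidden, CSRF verification failed. Please help me solve the problem.....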

public JSONArray getLinkFromUrl(String url, List<NameValuePair> param) throws IOException {

    // Making HTTP request
    DefaultHttpClient httpClient = new DefaultHttpClient();
    Log.d("ADebugTag", "url: "+url);
    Log.d("ADebugTag", "csrfToken: " + PrefManager.csrfToken);
    Log.d("ADebugTag", "Domain: " + PrefManager.domain);
    try {
        HttpPost httpPost = new HttpPost(url);
        httpPost.setEntity(new UrlEncodedFormEntity(param));
        // httpPost.setHeader("Referer", url);
        httpPost.setHeader("X-CSRFToken", PrefManager.csrfToken);
        final BasicCookieStore cookieStore = new BasicCookieStore();
        for (Cookie cookie: PrefManager.cookies) {
            cookieStore.addCookie(cookie);
            Log.d("ADebugTag", "cookie: " + cookie.toString());
        }
        HttpContext localContext = new BasicHttpContext();
        localContext.setAttribute(ClientContext.COOKIE_STORE, cookieStore);
        HttpResponse response = httpClient.execute(httpPost,localContext);
        HttpEntity httpEntity = response.getEntity();
        is = httpEntity.getContent();
    } catch (UnsupportedEncodingException e) {
        e.printStackTrace();
    } catch (ClientProtocolException e) {
        e.printStackTrace();
    } catch (IOException e) {
        e.printStackTrace();
    }

TypeError

<!DOCTYPE html>
     <html lang="en">
     <head>
       <meta http-equiv="content-type" content="text/html; charset=utf-8">
       <meta name="robots" content="NONE,NOARCHIVE">
       <title>TypeError at /m/payment</title>
       <style type="text/css">
         html * { padding:0; margin:0; }
         body * { padding:10px 20px; }    </style>

       <script type="text/javascript">
       //<!--
         function getElementsByClassName(oElm, strTagName, strClassName){
             // Written by Jonathan Snook, http://www.snook.ca/jon; Add-ons by Robert Nyman, http://www.robertnyman.com
             var arrElements = (strTagName == "*" && document.all)? document.all :
             oElm.getElementsByTagName(strTagName);
             var arrReturnElements = new Array();
             strClassName = strClassName.replace(/\-/g, "\-");
             var oRegExp = new RegExp("(^|\s)" + strClassName + "(\s|$)");
             var oElement;
             for(var i=0; i<arrElements.length; i++){
                 oElement = arrElements[i];
                 if(oRegExp.test(oElement.className)){
                     arrReturnElements.push(oElement);
                 }
             }
             return (arrReturnElements)

Values: [user_id = 8, trxn_type = FP, subtrxn_type = N, schemes = [{"scheme_code":2390,"amount":5000}], session_key = 0j467lrxgi8o1yhdcgnduc4czmoiyses]

cookie:[version:0] [name:csrftoken] [value:O1xARAJ0ISMPeHId56Bk2boYW0XoKvwJ] [domain:......] [path:null] [expiry:null]

1 Answer:

Answer 0: (score: 0)

I got the solution by sending the same cookies that I receive from the server side in every request. First store the list of cookies received from the server, then send it back to the server.
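
The round trip described in the answer, as an added example that is not part of the original question or answer: every cookie from a response goes into one shared jar, and the next POST carries all of them plus an `X-CSRFToken` header copied from the `csrftoken` cookie. It uses `java.net.CookieManager` rather than the question's `DefaultHttpClient`; the class name, host and cookie values are constructed placeholders.

```java
import java.net.CookieManager;
import java.net.CookiePolicy;
import java.net.HttpCookie;
import java.net.URI;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

public class CsrfCookieRoundTrip {
    // One cookie jar shared by every request of the session.
    private final CookieManager jar = new CookieManager(null, CookiePolicy.ACCEPT_ORIGINAL_SERVER);

    /** Store every Set-Cookie header of a response (call after each response). */
    void remember(URI uri, Map<String, List<String>> responseHeaders) throws Exception {
        jar.put(uri, responseHeaders);
    }

    /** Headers for the next POST: all stored cookies plus the matching X-CSRFToken. */
    Map<String, String> headersFor(URI uri) throws Exception {
        Map<String, String> out = new LinkedHashMap<>();
        List<String> cookies = jar.get(uri, new HashMap<String, List<String>>()).get("Cookie");
        if (cookies != null && !cookies.isEmpty()) {
            out.put("Cookie", String.join("; ", cookies));
        }
        for (HttpCookie c : jar.getCookieStore().get(uri)) {
            if ("csrftoken".equals(c.getName())) {
                out.put("X-CSRFToken", c.getValue()); // header must equal the cookie value
            }
        }
        if (!out.containsKey("X-CSRFToken")) {
            throw new IllegalStateException("no csrftoken cookie stored yet; fetch a page first");
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        URI uri = URI.create("https://app.example.test/m/payment"); // placeholder host
        CsrfCookieRoundTrip session = new CsrfCookieRoundTrip();
        // Constructed response headers standing in for what the server sent.
        session.remember(uri, Collections.singletonMap("Set-Cookie", Arrays.asList(
                "csrftoken=CONSTRUCTED_TOKEN_VALUE; Path=/",
                "sessionid=CONSTRUCTED_SESSION_VALUE; Path=/; HttpOnly")));
        System.out.println(session.headersFor(uri));
    }
}
```

Sending the header without the stored cookie, as in the question's second attempt, leaves the server nothing to compare the token against, which matches the 403 reported there.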