gae urlfetch 本地与上传
问题是,当我在开发环境(Google 应用程序引擎的本地服务器)中使用 urlfetch.fetch(...) 执行 POST 请求时,我得到 HTTP 302 状态,正如我所期望的那样(我可以进行重定向)。但是,当我上传应用程序并尝试从 .appspot.com 运行它时,然后获取 403 响应,这是“禁止的”。
详细信息:
- url 是 https(我的银行网站),
- 请求标头中有 cookie
- .. 还有什么?
看起来,远程站点(银行)看到 2 个请求不同:本地可以,“来自 goole”不行。
我的Python代码:
url1 = "https://www.ebgz.pl/detal-web/jbank/unlogged/choose/method.do?rid="+str(random.random())+"&srvc="
response = urlfetch.fetch(url1)
lparser = Link_HTMLParser()
lparser.feed(response.content)
url2 = "https://www.ebgz.pl" + lparser.frameSrc
hdrs = {}
hdrs['Referer'] = url1
cookie = response.headers.get('Set-Cookie')
if cookie:
hdrs['Cookie'] = cookie
response = urlfetch.fetch(url2, headers = hdrs)
其中 Link_HTMLParser 是用于获取框架源链接的简单解析器(如果您查看 url1 的第一个响应内容,它就会变得清晰):
class Link_HTMLParser(HTMLParser):
def handle_starttag(self, tag, attrs):
if tag == "iframe":
for n,v in attrs:
if n == 'src':
self.frameSrc = v
问题在于第二个响应:来自谷歌的 403 和来自本地 gae 服务器的 200。 我在问题开头提到了 POST,但似乎无论使用哪种方法(GET 或 POST)都会出现问题。我猜这是一些会话管理问题。
The problem is that, when I do a POST request with urlfetch.fetch(...) in development environment (local server of google app engine), I get HTTP 302 status, as I expect (I can do a redirection). But when I upload the app and try to run it from .appspot.com, then fetch responses with 403, that is "forbidden".
Details:
- url is https (my bank site)
- there are cookies in request headers
- .. what else ?
It looks like, the remote site (bank) sees that 2 requests differently: local is OK, "from goole" is not OK.
My python code:
url1 = "https://www.ebgz.pl/detal-web/jbank/unlogged/choose/method.do?rid="+str(random.random())+"&srvc="
response = urlfetch.fetch(url1)
lparser = Link_HTMLParser()
lparser.feed(response.content)
url2 = "https://www.ebgz.pl" + lparser.frameSrc
hdrs = {}
hdrs['Referer'] = url1
cookie = response.headers.get('Set-Cookie')
if cookie:
hdrs['Cookie'] = cookie
response = urlfetch.fetch(url2, headers = hdrs)
Where Link_HTMLParser is simple parser for getting frame's source link (if You look at the first response content of url1 it become clear):
class Link_HTMLParser(HTMLParser):
def handle_starttag(self, tag, attrs):
if tag == "iframe":
for n,v in attrs:
if n == 'src':
self.frameSrc = v
The problem is with the 2nd response: its 403 from google, and 200 from local gae serwer.
I mentioned about a POST at the beginning of my question, but it appears that the problem occurs regardless of the method (GET or POST). It's some session management issue I guess..
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
当然,理论上银行可能不允许来自某些位置(通过 IP 地址)的请求。显然你可以询问银行是否有任何限制。
请注意 RFC 2616 提到了 403 响应:
所以银行的回应中可能有更多细节。
您还可以设置自己的服务,使用它代替银行的 URL 并记录所有 HTTP 标头。 POST 到这个 URL 就像你 POST 到银行一样,比较一下,来自本地机器的请求和“来自 google”的请求除了请求地址之外还有其他区别吗?
Of course it's theoretically possible that the bank do not permits requests from some locations (by IP address). And obviously you could ask the bank, whether there are any restrictions.
Note that RFC 2616 says about 403 response:
So probably there are some more details in bank's response.
Also you can set up your own service, use it instead of your bank's URL and log all HTTP headers. POST to this URL just like you POST to the bank and compare, is there some other difference in the request from your local machine and "from google", except the request address.