Click here to Skip to main content
15,063,085 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
hi i haw a acount in a website and ther is some field and a button
when you click the button the browser send a request to the serve.

in google chrome you can run javascript code in console tollse

i want to send the request instead clicking the button


this is the browser request that is without problem
JavaScript
googlechrome console >> network

General

Request URL: https://site.com/api/x
Request Method: POST
Status Code: 200 OK
Remote Address: 283.4.246.174:443
Referrer Policy: strict-origin-when-cross-origin

-----------------------------------------------------------

Response Headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https://site.com
Content-Encoding: gzip
content-length: 207
Content-Security-Policy
Content-Type: application/json
Date: Fri, 15 Jan 2021 11:14:34 GMT
Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
Vary: Origin,Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: master-only
X-XSS-Protection: 1; mode=block

-----------------------------------------------------------

Request Headers

Accept: application/json, text/plain
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9,fa;q=0.8
Connection: keep-alive
Content-Length: 550
Content-Type: application/json
Cookie: _ga=GA1.2.6054475.1607011012; PLAY_LANG=fa; cookiesession1=0DSJSD9P11OUN7RFD8V2TDLYFR054FD; PLAY_SESSION=090f8dfg45654df7rt8477921fdce2901-client_login_id=39eef7409873e9a659a01&client_id=b8456ddcfc287a096e&authToken=e32a323dfa9048a173a216bcc
DNT: 1
Host: site.com
Origin: https://site.com
Referer: https://site.com
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.141 Safari/537.36
X-App-N: 234587302048.61669664

-----------------------------------------------------------

Request Payload

{param1:value1,param2:value2}

param1:value1
param2:value2



but when i send the request in google chrome console i get 403 error and this message
"Security problem. Invalid request."

my code
JavaScript
var url = 'https://site.com/api/x';
 var params = '"param1":"value1","param2":"value2"';
 var http = new XMLHttpRequest();

 http.open('POST', url, true);

 http.setRequestHeader('Content-Type', 'application/json');

  http.send(params);


What I have tried:

send request to server in google chrome console
Posted
Updated 16-Jan-21 0:15am
v2

1 solution

you didnt build the json data correctly.
try to use:
http.send(JSON.stringify({ "param1": "", "param2": "" }));
   

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)




CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900