hi
i haw a acount in a website and ther is some field and a button
when you click the button the browser send a request to the serve.
in google chrome you can run javascript code in console tollse
i want to send the request instead clicking the button
this is the browser request that is without problem
googlechrome console >> network
General
Request URL: https:
Request Method: POST
Status Code: 200 OK
Remote Address: 283.4.246.174:443
Referrer Policy: strict-origin-when-cross-origin
-----------------------------------------------------------
Response Headers
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: https:
Content-Encoding: gzip
content-length: 207
Content-Security-Policy
Content-Type: application/json
Date: Fri, 15 Jan 2021 11:14:34 GMT
Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin
Vary: Origin,Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: master-only
X-XSS-Protection: 1; mode=block
-----------------------------------------------------------
Request Headers
Accept: application/json, text/plain
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9,fa;q=0.8
Connection: keep-alive
Content-Length: 550
Content-Type: application/json
Cookie: _ga=GA1.2.6054475.1607011012; PLAY_LANG=fa; cookiesession1=0DSJSD9P11OUN7RFD8V2TDLYFR054FD; PLAY_SESSION=090f8dfg45654df7rt8477921fdce2901-client_login_id=39eef7409873e9a659a01&client_id=b8456ddcfc287a096e&authToken=e32a323dfa9048a173a216bcc
DNT: 1
Host: site.com
Origin: https:
Referer: https:
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
User-Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.141 Safari/537.36
X-App-N: 234587302048.61669664
-----------------------------------------------------------
Request Payload
{param1:value1,param2:value2}
param1:value1
param2:value2
but when i send the request in google chrome console i get 403 error and this message
"Security problem. Invalid request."
my code
var url = 'https://site.com/api/x';
var params = '"param1":"value1","param2":"value2"';
var http = new XMLHttpRequest();
http.open('POST', url, true);
http.setRequestHeader('Content-Type', 'application/json');
http.send(params);
What I have tried:
send request to server in google chrome console