Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[cookies] option breaks twitter extractor #2676

Closed
Gigas002 opened this issue Jun 13, 2022 · 2 comments
Closed

[cookies] option breaks twitter extractor #2676

Gigas002 opened this issue Jun 13, 2022 · 2 comments

Comments

@Gigas002
Copy link

Specifying "cookies": [ "firefox" ] in config breaks twitter extractor (e.g. this tweet) with an error:

twitter: 403 Forbidden (This request requires a matching csrf cookie and header.)

After commenting the variable extractor works fine.
@mikf
Copy link
Owner

mikf commented Jun 13, 2022

Works on my machine ™️:

[cookies][debug] Extracting cookies from /home/mike/.mozilla/firefox/xxxxxxxx.profile/cookies.sqlite
[twitter][debug] Using TwitterTweetExtractor for 'https://twitter.com/gumin_sou/status/1517703396945707008'
[urllib3.connectionpool][debug] Starting new HTTPS connection (1): twitter.com:443
[urllib3.connectionpool][debug] https://twitter.com:443 "GET /i/api/graphql/ItejhtHVxU7ksltgMmyaLA/TweetDetail?variables=%7B%22focalTweetId%22%3A%221517703396945707008%22%2C%22with_rux_injections%22%3Afalse%2C%22withCommunity%22%3Atrue%2C%22withQuickPromoteEligibilityTweetFields%22%3Atrue%2C%22withBirdwatchNotes%22%3Afalse%2C%22includePromotedContent%22%3Afalse%2C%22withSuperFollowsUserFields%22%3Atrue%2C%22withBirdwatchPivots%22%3Afalse%2C%22withDownvotePerspective%22%3Afalse%2C%22withReactionsMetadata%22%3Afalse%2C%22withReactionsPerspective%22%3Afalse%2C%22withSuperFollowsTweetFields%22%3Atrue%2C%22withClientEventToken%22%3Afalse%2C%22withVoice%22%3Atrue%2C%22withV2Timeline%22%3Afalse%2C%22__fs_interactive_text%22%3Afalse%2C%22__fs_dont_mention_me_view_api_enabled%22%3Afalse%7D HTTP/1.1" 200 6343
[urllib3.connectionpool][debug] Starting new HTTPS connection (1): video.twimg.com:443
[urllib3.connectionpool][debug] https://video.twimg.com:443 "GET /ext_tw_video/1517703137540587520/pu/vid/874x720/FWeCgU5ghNRsEIek.mp4?tag=12 HTTP/1.1" 200 5284092
/tmp/twitter/gumin_sou/1517703396945707008_1.mp4

The csrf token logic hasn't changed in quite a while, and it really doesn't matter how you get your cookies to be used by gallery-dl, directly extracting them from a browser or otherwise.

What I've noticed when experimenting around with all Twitter cookies in a cookies.txt file, is that changing the ct0 cookie - the one involved in csrf checks on Twitter - by even one byte, it triggers the same error as the one you posted, even though gallery-dl sends the exact same value as ct0 cookie and x-csrf-token header. So it seems that only some csrf tokens are deemed valid by Twitter.

What seems to work is not using a given csrf token, like it is currently done, and simply always auto-generating one, but that might break things for someone else.

gallery-dl/gallery_dl/extractor/twitter.py

Lines 849 to 852 in 7fe1f44

csrf_token = cookies.get("ct0", domain=cookiedomain)
if not csrf_token:
csrf_token = util.generate_token()
cookies.set("ct0", csrf_token, domain=cookiedomain)

mikf added a commit that referenced this issue Jun 13, 2022
@mikf
[twitter] implement 'csrf' option (#2676)
9c8d895
@Gigas002
Copy link
Author

Thanks for the new option, works like a charm! 👍
Should I close the issue?

@mikf mikf closed this as completed Jun 20, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mikf @Gigas002