From 34bbe9e323f30f2f0699e846258e08f8541f35ea Mon Sep 17 00:00:00 2001
From: Mint <>
Date: Wed, 28 Dec 2022 20:36:26 +0300
Subject: [PATCH] Handle CSRF tokens on masto endpoint

---
 fetch_blocks.py | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/fetch_blocks.py b/fetch_blocks.py
index 5e076e7..187ac09 100644
--- a/fetch_blocks.py
+++ b/fetch_blocks.py
@@ -297,8 +297,20 @@ for blocker, software in c.fetchall():
                     "followers_only": [],
                     "report_removal": []
                 }
+
+                # handling CSRF, I've saw at least one server requiring it to access the endpoint
+                meta = BeautifulSoup(
+                    get(f"https://{blocker}/about", headers=headers, timeout=5).text,
+                    "html.parser",
+                )
+                try:
+                    csrf = meta.find("meta", attrs={"name": "csrf-token"})["content"]
+                    reqheaders = {**headers, **{"x-csrf-token": csrf}}
+                except:
+                    reqheaders = headers
+
                 blocks = get(
-                    f"https://{blocker}/api/v1/instance/domain_blocks", headers=headers, timeout=5
+                    f"https://{blocker}/api/v1/instance/domain_blocks", headers=reqheaders, timeout=5
                 ).json()
                 for block in blocks:
                     entry = {'domain': block['domain'], 'hash': block['digest'], 'reason': block['comment']}