Using Delphi and Indy's TIdHTTP component, I created a program simulating signing into a website.
Using the TIdHTTP.Get() method, I would get a sign-in <form> containing the email address and password input fields and the sign in button:
<form action="/en/users/sign_in" method="post">
<input name="authenticity_token" value="9WO…r0g" />
<input name="session[email]" id="session_email" />
<input name="session[password]" id="session_password" />
<input type="submit" name="commit" value="Sign in" />
</form>
I would create a TStringList and populate it with the authenticity_token, session[email], session[password] and commit values. Then I would use the TIdHTTP.Post() method, and everything worked fine.
The site has been recently redesigned, and my code no longer works.
The <head> of the HTML page now contains the following:
<meta name="csrf-param" content="authenticity_token" />
<meta name="csrf-token" content="Y5J…5nQ" />
MS Edge Developers tools shows that the POST request parameters are authenticity_token populated with the csrf-token content value plus the session[email], session[password] and commit values. Unfortunately, I am receiving a 400 Bad Request error.
I have spend a lot of time reading about CSRF, Cookies, etc but cannot find a solution to my problem. I am not a professional coder, just an enthusiast.