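javascript - On Zhihu, using the Fetch API in Chrome's Console to simulate unfollowing someone; every part of the POST has been checked and is correct, but it still returns a 403 error
PHP中文网 2017-04-11 13:09:27
[JavaScript discussion group]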

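Problem description

I want to simulate unfollowing with JS code. Right now it is unfollowing a single person, and I don't know where the problem in the code is.
Note: some cookies and tokens have been redacted

  • First, the request as seen in the Network tab (the action performed in the browser) is as follows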

Request URL:https://www.zhihu.com/node/MemberFollowBaseV2
Request Method:POST
Status Code:200 OK
Remote Address:112.29.152.100:443


Response Headers
Cache-Control:no-store
Connection:keep-alive
Content-Encoding:gzip
Content-Length:42
Content-Security-Policy:default-src *; img-src * data:; frame-src 'self' *.zhihu.com getpocket.com note.youdao.com read.amazon.cn; script-src 'self' *.zhihu.com *.google-analytics.com zhstatic.zhihu.com res.wx.qq.com 'unsafe-eval'; style-src 'self' *.zhihu.com 'unsafe-inline'
Content-Type:application/json
Date:Thu, 06 Oct 2016 04:52:32 GMT
Pragma:no-cache
Server:Qnginx/1.2.0
Set-Cookie:_xsrf=; Domain=zhihu.com; expires=Wed, 07 Oct 2015 04:52:32 GMT; Path=/
Set-Cookie: your cookie
Set-Cookie:
Vary:Accept-Encoding
X-Frame-Options:DENY
X-NWS-LOG-UUID:afc436a9-5205-46fa-a0fa-dbd2cc4bb19c
X-Req-ID:A041C7357F5D890
X-Za-Experiment:default:None
X-Za-Response-Id:000400af22560788


Request Headers
Accept:*/*
Accept-Encoding:gzip, deflate, br
Accept-Language:en-US,en;q=0.8,zh-CN;q=0.6,zh;q=0.4
Cache-Control:no-cache
Connection:keep-alive
Content-Length:90
Content-Type:application/x-www-form-urlencoded; charset=UTF-8
Cookie: your cookie
Host:www.zhihu.com
Origin:https://www.zhihu.com
Pragma:no-cache
Referer:https://www.zhihu.com/people/he-zhiming/followees
User-Agent:Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36
X-Requested-With:XMLHttpRequest
X-Xsrftoken: your token


Form Data
method:unfollow_member
params:{"hash_id":"9c47aea775c35ebd6b647f0041bb7b6c"}
  • So it is a simple POST request, and I then simulated this process with JS code (see below)

  • However, the result is a 403, with the following body

Request URL:https://www.zhihu.com/node/MemberFollowBaseV2
Request Method:POST
Status Code:403 Forbidden
Remote Address:112.29.152.100:443


Response Headers
Cache-Control:no-store
Connection:keep-alive
Content-Encoding:gzip
Content-Length:70
Content-Security-Policy:default-src *; img-src * data:; frame-src 'self' *.zhihu.com getpocket.com note.youdao.com read.amazon.cn; script-src 'self' *.zhihu.com *.google-analytics.com zhstatic.zhihu.com res.wx.qq.com 'unsafe-eval'; style-src 'self' *.zhihu.com 'unsafe-inline'
Content-Type:text/html; charset=UTF-8
Date:Thu, 06 Oct 2016 05:17:56 GMT
Pragma:no-cache
Server:Qnginx/1.2.0
Set-Cookie:q_c1=280cac781fda44199c454de14296dd24|1475731076000|1475731076000; Domain=zhihu.com; expires=Sun, 06 Oct 2019 05:17:56 GMT; Path=/
Set-Cookie:_xsrf=; Domain=zhihu.com; expires=Wed, 07 Oct 2015 05:17:56 GMT; Path=/
Set-Cookie:your cookie
Set-Cookie:n_c=1; Domain=zhihu.com; Path=/
Set-Cookie: your cookie
Vary:Accept-Encoding
X-Frame-Options:DENY
X-NWS-LOG-UUID:c8fde986-b6b3-42e5-81d5-96ccf1e4e54c
X-Req-ID:A11B2A857F5DE82
X-Za-Response-Id:0009e73ab30e66f5


Request Headers
accept:*/*
Accept-Encoding:gzip, deflate, br
accept-language:en-US,en;q=0.8,zh-CN;q=0.6,zh;q=0.4
Cache-Control:no-cache
Connection:keep-alive
Content-Length:90
content-type:application/x-www-form-urlencoded; charset=UTF-8
Host:www.zhihu.com
Origin:https://www.zhihu.com
post:/node/MemberFollowBaseV2 HTTP/1.1
Pragma:no-cache
Referer:https://www.zhihu.com/people/he-zhiming/followees
User-Agent:Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36
x-requested-with:XMLHttpRequest
x-xsrftoken: your token


Form Data
method:unfollow_member
params:{"hash_id":"9f2f9b4aa78b9a1e76fcfd9225e2dc25"}

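Context

  1. Latest version of Chrome, which supports the Fetch API

  2. Code pasted into the Console

Reproduction

  1. Copy my JS code and run it

  2. Some cookies, tokens and the like may need to be changed; check your own Chrome for the details

Relevant code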

var _hashid = '9f2f9b4aa78b9a1e76fcfd9225e2dc25'       // a hash_id that was copied
var url = '/node/MemberFollowBaseV2'
// build the payload
var body = 'method=unfollow_member&params=' + encodeURIComponent(JSON.stringify({"hash_id":_hashid}));
var _headersObj = {
    POST: '/node/MemberFollowBaseV2 HTTP/1.1',
    Host: 'www.zhihu.com',
    Connection: 'keep-alive',
    'Content-Length': '90',
    Pragma: 'no-cache',
    'Cache-Control': 'no-cache',
    Origin: 'https://www.zhihu.com',
    'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36',
    'Content-Type': 'application/x-www-form-urlencoded; charset=UTF-8',
    Accept: '*/*',
    'X-Requested-With': 'XMLHttpRequest',
    'X-Xsrftoken': 'paste your token',    // placeholder
    Referer: 'paste from Chrome',         // placeholder
    'Accept-Encoding': 'gzip, deflate, br',
    'Accept-Language': 'en-US,en;q=0.8,zh-CN;q=0.6,zh;q=0.4',
    Cookie: 'paste your cookie'           // placeholder
}

var headers = new Headers(_headersObj)
var request = new Request(
    url,
    {
        method: 'POST',
        headers: headers,
        body: body
    }
)


fetch(request).then(function (response) {
    if (!response.ok) {
        console.log('FAILED')
        return
    }
    // response.json() returns a Promise, so wait for it before reading .r
    return response.json().then(function (json) {
        if (json.r === 0) {
            console.log('SUCCESS')
        }
    })
})

Error message

See above

Methods already tried that did not solve it (with relevant links)

  1. Read up on how to use the Fetch API: https://davidwalsh.name/fetch

Simplified problem


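All replies (1)
怪我咯

There's no need to mess with the cookie; the browser adds it automatically. For this kind of thing, just reading the source code is enough.

After refreshing, we can see that the unfollow succeeded:

Unfollow succeeded. PS: you need to refresh, because the re-rendering of the UI is not driven by the request being sent; it is triggered only when you click that button. So simulating the request directly does nothing for the UI: the button is not re-rendered, even though the unfollow has already succeeded. So just refresh the page.

The code is attached below: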

var xhr = new XMLHttpRequest()

xhr.open('post', 'https://www.zhihu.com/node/MemberFollowBaseV2')

xhr.setRequestHeader('X-Xsrftoken', '931b0a52485014ddb1509ce9fafe5b49');

xhr.setRequestHeader('Content-Type', "application/x-www-form-urlencoded; charset=UTF-8");

xhr.setRequestHeader('X-Requested-With', 'XMLHttpRequest');

xhr.send('method=unfollow_member&params=%7B%22hash_id%22%3A%2256f08771bad765deb3aea5c8ee316765%22%7D');

Also, the source code is below:
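
Added example, not part of the original thread: the 403 capture in the question carries no Cookie header, because `fetch()` discards forbidden header names such as `Cookie` and `Host` when page script sets them, and at the time of the post it sent no cookies unless `credentials` was set. The sketch below sorts the question's header names into settable and browser-controlled ones and builds a `fetch()` init that leaves the cookie to the browser; `splitHeaders`, `buildUnfollowInit` and the token argument are names assumed here.

```javascript
// Added example (not from the thread). Function names are illustrative.
// Forbidden request-header names from the Fetch standard: page script cannot
// set these; the browser fills them in itself or omits them.
const FORBIDDEN = new Set([
  'accept-charset', 'accept-encoding', 'access-control-request-headers',
  'access-control-request-method', 'connection', 'content-length', 'cookie',
  'cookie2', 'date', 'dnt', 'expect', 'host', 'keep-alive', 'origin',
  'referer', 'set-cookie', 'te', 'trailer', 'transfer-encoding', 'upgrade', 'via',
]);

function isForbiddenRequestHeader(name) {
  const n = name.toLowerCase();
  return FORBIDDEN.has(n) || n.startsWith('proxy-') || n.startsWith('sec-');
}

// Partition hand-copied header names into those a script may set and those
// the browser silently drops.
function splitHeaders(names) {
  const settable = [], dropped = [];
  for (const name of names) {
    (isForbiddenRequestHeader(name) ? dropped : settable).push(name);
  }
  return { settable, dropped };
}

// Build the init object for fetch(). The session cookie is never set by hand:
// credentials: 'same-origin' tells the browser to attach it.
function buildUnfollowInit(hashId, xsrfToken) {
  return {
    method: 'POST',
    credentials: 'same-origin',
    headers: {
      'Content-Type': 'application/x-www-form-urlencoded; charset=UTF-8',
      'X-Requested-With': 'XMLHttpRequest',
      'X-Xsrftoken': xsrfToken, // token copied from the page's own request
    },
    body: 'method=unfollow_member&params=' +
      encodeURIComponent(JSON.stringify({ hash_id: hashId })),
  };
}

// Header names copied from the question's _headersObj.
const QUESTION_HEADERS = ['POST', 'Host', 'Connection', 'Content-Length', 'Pragma',
  'Cache-Control', 'Origin', 'User-Agent', 'Content-Type', 'Accept',
  'X-Requested-With', 'X-Xsrftoken', 'Referer', 'Accept-Encoding',
  'Accept-Language', 'Cookie'];
console.log(splitHeaders(QUESTION_HEADERS));
// In the page's console: fetch('/node/MemberFollowBaseV2', buildUnfollowInit(id, token))
```

The body this builds for the answer's hash_id is byte-for-byte the string passed to `xhr.send` above, 90 characters long, matching the `Content-Length:90` in both captures.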
