Awesome, thanks for taking this on! The csrfmiddlewaretoken is our way of stopping cross-site request forgery ( http://en.wikipedia.org/wiki/Cross-site_request_forgery). From memory (let me know if you need something more specific) it gets passed to you with the dashboard html and is unique to:
1. Your account, and 2. Some finite period of time: you can't use a token more than 2 days after it was issued. Basically you *need* to pass the token to us as we gave it to you; otherwise we'll think someone tricked you into visiting his/her website which had <img src=" http://code.google.com/codejam/dashboard?c=9001&download=problem1&giveup=yes&fail=hahaha"/> on it, and we simply won't perform the action you requested. On Sun, Jun 6, 2010 at 9:41 PM, Jorge Bernadas <[email protected]> wrote: > Yes. It doesn't matter in the test contest, but in the real one it > does. Otherwise, the server just ignores your requests. The good part > is that it's the same for all contests in code.google.com, but looks > like it isn't a fixed value. > > It would be nice to have an official word on that value, getting it > automatically would be optimal. > > > On Jun 7, 12:37 am, Sandaruwan Gunathilake > <[email protected]> wrote: > > There is a hidden input called "csrfmiddlewaretoken" right? > > > > Regards, > > Sandaruwan > > > > > > > > > > > > On Mon, Jun 7, 2010 at 9:38 AM, Jorge Bernadas <[email protected]> > wrote: > > > I tried my tool again today and it didn't work because the > > > cmsmiddleware tokens changed. I updated it with the new ones and it > > > worked again. However, the process I use to get them is tedious: > > > > > - Open wireshark (any decent sniffer works). > > > - Start a capture. > > > - Download an input. > > > - Stop the capture. > > > - Look for the message that requests the input and take the token. > > > > > Similar for the token used to send solutions. Is there any way to get > > > them easy? Preferably by the program itself. > > > > > Thanks. > > > > > On Jun 5, 4:56 pm, Jorge Bernadas <[email protected]> wrote: > > > > I tested my tool today and it worked like a charm (download, run and > > > > submit with only one command). As soon as I get an answer about the > > > > cmsmiddlewaretoken I will make it public. > > > > > > On Jun 5, 12:38 am, Jorge Bernadas <[email protected]> wrote: > > > > > > > Done! > > > > > > > Just finished the tool like ten minutes ago. Basically I did a > library > > > > > in python and then built scripts over it, one to config the contest > > > > > (this one initializes problem ids and names in a config file), > another > > > > > to download the inputs and another to submit the outputs. Also, it > > > > > supports sending multiple sources (the library, my scripts do not > > > > > support that because I think I won't need it), and it logs itself > > > > > using google's ClientLogin, so it doesn't depend on the browser. > > > > > > > I've tested it in the contest you created and in the practice > rooms. > > > > > It works there, looks like the server ignores the sources in > practice > > > > > mode, instead of failing because I passed them. However, I have > some > > > > > question about a detail I'm not sure about, before making it > public: > > > > > > > There is a value, that is specified during downloads and submits, > > > > > called 'csrfmiddlewaretoken'. I don't know what that is, and in the > > > > > test contest it is not necessary (I just omitted it and it worked > > > > > fine). However, in the practice rooms I need it, so my first idea > was > > > > > to fix them in the code (I got them using wireshark) and test. > Then, I > > > > > realized that the same tokens worked for many contests in > > > > > code.google.com (I didn't test them all), but I still would like > to > > > > > know if there is a way to get them. > > > > > > > Thanks for the opportunity to develop this tool, I learned some > python > > > > > and HTTP today =). > > > > > > > On Jun 2, 2:28 am, Bartholomew Furrow <[email protected]> wrote: > > > > > > > >http://codejam-devel.appspot.com/codejam > > > > > > > > The contest is live for 6 days. Ping me if you need it > re-created. > > > It > > > > > > looks a lot like the live site, but it's flawed in a couple of > ways: > > > > > > > > - The scoreboard won't populate properly. > > > > > > - It's got pretty limited quota, so don't hammer it -- you're > sharing > > > it > > > > > > with everyone else who's trying to develop something. > > > > > > > > I can fix both of these given an hour or so, but I'm going on > > > vacation > > > > > > tomorrow and I have to pack. Hopefully this will be enough to > let > > > you > > > > > > figure out what you need to figure out. > > > > > > > > Cheers, > > > > > > Bartholomew > > > > > -- > > > You received this message because you are subscribed to the Google > Groups > > > "google-codejam" group. > > > To post to this group, send email to [email protected]. > > > To unsubscribe from this group, send email to > > > [email protected]<google-code%[email protected]> > <google-code%2bunsubscr...@googlegr oups.com> > > > . > > > For more options, visit this group at > > >http://groups.google.com/group/google-code?hl=en. > > > > -- > > Best Regards, > > Sandaruwan Gunathilake > > -- > You received this message because you are subscribed to the Google Groups > "google-codejam" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]<google-code%[email protected]> > . > For more options, visit this group at > http://groups.google.com/group/google-code?hl=en. > > -- You received this message because you are subscribed to the Google Groups "google-codejam" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-code?hl=en.
