Issue: Invalid Header Character in X-XSRF-TOKEN #136
Description
Issue: Invalid Header Character in X-XSRF-TOKEN
Description:
I encountered an error while running the py3_sure.py script for performing an SD-WAN audit and upgrade readiness check. The script fails during the preliminary data collection stage due to an invalid character in the X-XSRF-TOKEN header.
Steps to Reproduce:
- Run the script with the following command:
python3 py3_sure.py -d -u user.name
- Provide the necessary password when prompted.
Observed Behavior:
The script terminates with the following error message:
ERROR: Error Collecting Preliminary Data.
Please check error details in log file: sdwan_sure/sure_logs_<timestamp>.log.
The log file contains:
ERROR: Invalid return character or leading space in header: X-XSRF-TOKEN
Traceback (most recent call last):
File "py3_sure.py", line 2032, in <module>
controllers = json.loads(getRequestpy3(version_tuple, vmanage_lo_ip, jsessionid , 'system/device/controllers', args.vmanage_port, tokenid))
File "py3_sure.py", line 182, in getRequestpy3
response = requests.request("GET", url , headers=headers, verify=False)
File "/usr/lib/python3.8/site-packages/requests/api.py", line 61, in request
return session.request(method=method, url=url, **kwargs)
File "/usr/lib/python3.8/site-packages/requests/sessions.py", line 516, in request
prep = self.prepare_request(req)
File "/usr/lib/python3.8/site-packages/requests/sessions.py", line 449, in prepare_request
p.prepare(
File "/usr/lib/python3.8/site-packages/requests/models.py", line 315, in prepare
self.prepare_headers(headers)
File "/usr/lib/python3.8/site-packages/requests/models.py", line 449, in prepare_headers
check_header_validity(header)
File "/usr/lib/python3.8/site-packages/requests/utils.py", line 947, in check_header_validity
raise InvalidHeader("Invalid return character or leading space in header: %s" % name)
requests.exceptions.InvalidHeader: Invalid return character or leading space in header: X-XSRF-TOKEN
Expected Behavior:
The script should execute without errors and collect the preliminary data successfully.
Possible Cause:
The X-XSRF-TOKEN header seems to contain invalid characters or leading/trailing whitespace, which causes the requests library to raise an InvalidHeader exception.
Proposed Solution:
Strip any leading/trailing whitespace from the tokenID before including it in the headers. I modified the getRequestpy3 function to include this change:
def getRequestpy3(version_tuple, vManageIP, JSessionID, mount_point, Port, tokenID=None):
if Port is None:
url = "https://{}:8443/dataservice/{}".format(vManageIP, mount_point)
else:
url = "https://{}:{}/dataservice/{}".format(vManageIP, Port, mount_point)
if version_tuple[0:2] < (19, 2):
headers = {
'Cookie': JSessionID
}
else:
if tokenID:
tokenID = tokenID.strip() # Strip leading/trailing whitespace
headers = {
'X-XSRF-TOKEN': tokenID,
'Cookie': JSessionID
}
print(f"DEBUG: Headers - {headers}") # Debug print statement
response = requests.request("GET", url, headers=headers, verify=False)
data = response.content
if response.status_code == 200:
return data.decode()
else:
print(' Please verify if the vManage IP/URL is correct and JSessionID/CSRFToken is valid')Additional Information:
- Script version: 3.2.0
vManage# show version
20.9.4.1
vManage# vshell
vManage:~$ python3 --version
Python 3.8.13
vManage:~$ cat /etc/os-release
ID=viptela
Please let me know if you need any further details or if there's any other way I can assist in resolving this issue.
Thank you.