Sunday, December 15, 2013

Tumblr's X-tumblr-puppies header

Tumblr has recently implemented a new form security mechanism consisting of a key that is requested from http://www.tumblr.com/svc/secure_form_key.

The secure_form_key application is requested via an empty POST request, and the server will reply with a 404 error if an unexpected request is detected (unidentified user, POST parameters, etc.).

This form will reply with an empty document and a response header called X-tumblr-secure-form-key, which holds the key value required for X-tumblr-puppies, a header that needs to be passed to the http://www.tumblr.com/svc/post/update application, the one in charge of posting.

The value returned in X-tumblr-secure-form-key is binary, and must be processed before it can be used as a key. This regular expression should do it, as the key only uses numbers, letters and the exclamation mark and pipe symbols: [^a-zA-Z0-9\|\!].
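As an added example (not code from the original post), this is one way to apply that pattern to a raw header value and build the X-tumblr-puppies header. The function names and the sample reply are assumptions constructed for illustration; the real key format is not shown in the post.

```python
import re

# Pattern from the post: anything that is not a letter, digit, "|" or "!".
NOT_KEY_CHARS = re.compile(r"[^a-zA-Z0-9\|\!]")

KEY_HEADER = "x-tumblr-secure-form-key"   # response header named in the post
PUPPIES_HEADER = "X-tumblr-puppies"       # request header named in the post


def clean_form_key(raw):
    """Strip every character the post's pattern matches from a raw header value."""
    if isinstance(raw, bytes):
        # latin-1 maps each byte to one code point, so binary bytes never
        # raise a decode error and are then removed by the pattern.
        raw = raw.decode("latin-1")
    key = NOT_KEY_CHARS.sub("", raw)
    if not key:
        raise ValueError("no usable key characters in header value")
    return key


def puppies_header(response_headers):
    """Build the header for /svc/post/update from the /svc/secure_form_key reply."""
    # HTTP header names are case-insensitive, so normalise before the lookup.
    lowered = {name.lower(): value for name, value in response_headers.items()}
    if KEY_HEADER not in lowered:
        raise KeyError("reply carries no X-tumblr-secure-form-key header")
    return {PUPPIES_HEADER: clean_form_key(lowered[KEY_HEADER])}


# Constructed sample reply (hypothetical values, not captured from Tumblr).
SAMPLE_REPLY = {
    "Content-Length": "0",
    "X-Tumblr-Secure-Form-Key": b"\x00\x1f!1231\xe9|aBc9ZkQ\x7f\xff \r\n",
}

if __name__ == "__main__":
    print(puppies_header(SAMPLE_REPLY))
```

Failing loudly on an empty result matters here: a reply with no usable key would otherwise produce an empty X-tumblr-puppies header.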
