Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Consider adding POST API docs in some future #91

Open
catamphetamine opened this issue May 5, 2021 · 4 comments
Open

Consider adding POST API docs in some future #91

catamphetamine opened this issue May 5, 2021 · 4 comments

Comments

@catamphetamine
Copy link
Contributor

catamphetamine commented May 5, 2021
edited
Loading

Something like this:
https://gitlab.com/catamphetamine/imageboard/-/blob/master/docs/engines/4chan.md#post-a-comment

  • Post a new thread API
  • Post a new comment API
  • Report a comment or a thread
  • Log In with a "pass"
  • Log Out
@Adamantcheese
Copy link

Specifically for logins, here's some relevant info:
There's this 4chan_pass= cookie that gets sent with some requests, but I don't know what sets it and it doesn't seem necessary.

POST login
parameters:
"id", pass ID
"pin", pass PIN
"long_login", 1 (optional)

"act", "do_login" is not required.
When you do login, the following cookies will be set:
pass_id=; Path=/; Max-Age=86400; Domain=.4chan.org; SameSite=None; Secure; HttpOnly
pass_enabled=1; Path=/; Max-Age=86400; Domain=.4chan.org; SameSite=None; Secure

POST logout
parameters:
"logout", 1

When you do logout, the following cookies will be set:
pass_id=; Path=/; Max-Age=-3600; Domain=.4chan.org; SameSite=None; Secure; HttpOnly
pass_enabled=; Path=/; Max-Age=-3600; Domain=.4chan.org; SameSite=None; Secure
Note these will automatically expire.

If you get a "another IP is using this" error, some specific cookies will be automatically set:
cookies_pass_fail

@ccd0
Copy link

ccd0 commented Jul 5, 2021

The 4chan_pass= cookie is a remnant of the post deletion password field. There's some Javascript on the page that sets it to a random value if not set yet. It's stored with the post, and it allows you to delete the post from a different IP address. Given 4chan's restrictions on post deletion, it's not very valuable anymore. It is also now used to automatically detect ban evaders if they post with the same cookie from an unbanned IP.

@Adamantcheese
Copy link

I should mention also for logins that sys.4chan.org/auth and sys.4channel.org/auth return the same cookies, but a different domain. You can use cookies between the two without issue.

@Adamantcheese
Copy link

There is currently a bug in 4chan's backend where the "another IP is using this" error will only ever return cookies with a 4chan.org domain. You can submit posts with sys.4chan.org or sys.4channel.org, but the cookies returned will only ever be for 4chan.org. Since it appears that cookies can and are split across the two sites in other ways, I think that's probably not intended.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@catamphetamine @ccd0 @Adamantcheese