[Brave Browser] Bad csrf token format

[AdamDorwart]

Using Brave Browser when I look for the cookie in the request header, the "Cookie" field starts with cf_clearance=*****;csrftoken=***.... Using this gives Bad csrf token format.

I'm able to get it to work by stripping the cf_clearance=***; from the beginning so it starts with csrfotken=***; (see my reply below for the real solution)

[LukasBauza]

Yeah, I have the same issue, I am also using Brave at the moment.

I installed Firefox and followed the guide within the README.md and copied it that way.

[jburg3ss]

Hey @AdamDorwart,

Another Brave user here. I had luck by just copying the entire Cookie from devtools. Notice the highlighted value. Copy that and slap that straight into the Cookie field in neovim.

[LukasBauza]

Hey @AdamDorwart,

Another Brave user here. I had luck by just copying the entire Cookie from devtools. Notice the highlighted value. Copy that and slap that straight into the Cookie field in neovim.

This worked for me, thanks.

[AdamDorwart]

Yes, that's where I'm pulling it from. Specifically the Request Header Cookie.

Today I had to refresh the cookie. I tried the same technique that worked last time of stripping the cf_clearance field but this time it didn't work. I probably did something else that I didn't realize. Decided to look a little deeper.

The regex is pretty straightforward

    local csrf = str:match("csrftoken=([^;]+)")
    if not csrf or csrf == "" then
        return nil, "Bad csrf token format"
    end

    local ls = str:match("LEETCODE_SESSION=([^;]+)")
    if not ls or ls == "" then
        return nil, "Bad leetcode session token format"
    end

and I can confirm this correctly matches my cookie.

The real issue is pretty silly. In Brave dev tools, double clicking the 'Cookie' text to highlight it, and then copying it, adds a /CR /LF to the end of the cookie. When you paste this into the NuiInput dialog box and press enter it returns an empty string to the regex. You can tell this is happening when you paste the string and the input box makes this animation and is empty before hitting return.

Solution: Ensure you're at https://leetcode.com and signed in (other pages don't always return both csrftoken and LEETCODE_SESSION). In Brave, highlight the contents of the Request Header Cookie with click and drag. Do not highlight with double click. You should see the tail end of the cookie in the input box before hitting return.

[thezaff]

So you must include string containing csrftoken=***;LEETCODE_SESSION=***. This was confusing, maybe it makes sense to have 2 fields for each value.