I am currently building wifi controlled rgb led stripes with the esp8266. I want to the controll the mcu over a website so my idea was to set up a server to host the website and let the Arduino regularly query the server for updates (it is more complex than that but that is irrelevant for this post).
But this is where my problem comes in: Infinityfree (the host of my website) uses like most other hosting providers a simple anti-bot module (testcookie-nginx-module) that checks if the client can execute javascript as an anti-bot measure. The first time clients connect to an infinityfree website they receive the following script:
<html>
<body>
<script type="text/javascript" src="/aes.js"></script>
<script>
function toNumbers(d){
var e=[];
d.replace(/(..)/g,function(d){e.push(parseInt(d,16))});
return e
}
function toHex(){
for(var d=[],d=1==arguments.length&&arguments[0].constructor==Array?arguments[0]:arguments,e="",f=0;f<d.length;f++)
e+=(16>d[f]?"0":"")+d[f].toString(16);
return e.toLowerCase()
}
var a=toNumbers("f655ba9d09a112d4968c63579db590b4"),b=toNumbers("98344c2eee86c3994890592585b49f80"),c=toNumbers("8382e1a09e24573ac071261dccc8393c");
document.cookie="__test="+toHex(slowAES.decrypt(c,2,a,b))+"; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/"; location.href="http://thefreshsite.great-site.net/htm/theFreshSite.php?i=1";
</script>
<noscript>
This site requires Javascript to work, please enable Javascript in your browser or use a browser with Javascript support
</noscript>
</body>
</html>
This script generates a string and saves it as a cookie in the clients browser. The next time the client connects to the website this string gets passed to the server as a http header, so that the server recognices the client and responds with the website. However, since the microcontroller cannot execute javascript it the only thing it receives is the information that javascript has to be enabled to work.
I did some research and a lot other people had the same problem too. The common solution to the problem is to generate the cookie in a browser beforehand and since the cookie is static (Header key:"Cookie", Header value: "__test=[THE_CONTENT_OF_YOUR_COOKIE]; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/") you can send it as a header of your http request to bypass the module.I tested this solution with postman, however it didn't work. I either messed up the header value or I used postman incorrectly (never worked with it before).
My cookie: __test=cf2bd8c5785c8e65a8ebd1b58eb666f7; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/
Screenshot from postman:
My sources:
-https://blog.kwiatkowski.fr/?q=en/testcookie
I' m sorry if I'm missing something obvious, I've never worked on websites before and I still have to learn a lot I need for this project.