• Products
  • Solutions
  • Made with Unity
  • Learning
  • Support & Services
  • Community
  • Asset Store
  • Get Unity

UNITY ACCOUNT

You need a Unity Account to shop in the Online and Asset Stores, participate in the Unity Community and manage your license portfolio. Login Create account
  • Blog
  • Forums
  • Answers
  • Evangelists
  • User Groups
  • Beta Program
  • Advisory Panel

Navigation

  • Home
  • Products
  • Solutions
  • Made with Unity
  • Learning
  • Support & Services
  • Community
    • Blog
    • Forums
    • Answers
    • Evangelists
    • User Groups
    • Beta Program
    • Advisory Panel

Unity account

You need a Unity Account to shop in the Online and Asset Stores, participate in the Unity Community and manage your license portfolio. Login Create account

Language

  • Chinese
  • Spanish
  • Japanese
  • Korean
  • Portuguese
  • Ask a question
  • Spaces
    • Default
    • Help Room
    • META
    • Moderators
    • Topics
    • Questions
    • Users
    • Badges
  • Home /
avatar image
0
Question by rasca0027 · Jan 25, 2019 at 09:53 PM · webcookiecookiesrestful

Cookie not correctly set in UnityWebRequest in 2018.3

It seems that Unity has changed the implementation of how UnityWebRequest handles cookies, and it's not documented anywhere.

I have a RESTful API (written in Django), which has CSRF protection. And I have an Unity app that uses UnityWebRequest to POST things to the RESTful API.

Because of the CSRF protection, I need to pass in CSRF token for each request; the token came from response headers.

In a normal browser, browser handles the Set-Cookie header, so you don't have to manually set it; however, it is a know bug in UnityWebRequest that it does not set the Cookie header correctly, so I had to do some weird hack to set it manually, such as following (and this code works well in 2018.2):

 IEnumerator Login()
 {
     string url = baseURL + "/accounts/login/";
     WWWForm form = new WWWForm();
     form.AddField("username", "username");
     form.AddField("password", "helloworld");

     using (UnityWebRequest www = UnityWebRequest.Post(url, form))
     {
         www.SetRequestHeader("X-CSRFToken", csrftoken);
         www.SetRequestHeader("Cookie", string.Format("csrftoken={0}", csrftoken));
      
         yield return www.SendWebRequest();

         if (www.isNetworkError || www.isHttpError)
         {
             Debug.Log(www.error);
         }
         else
         {
             string cookies = www.GetResponseHeader("Set-Cookie");
             sessionID = GetCookie(cookies, "sessionid");
             csrftoken = GetCookie(cookies, "csrftoken");     
         }
     }
 }

 

Now I'm upgrading to 2018.3. I haven't changed any code on serverside, but now I'm getting all these 403 errors saying CSRF Token not matching.

At first it seems like Unity finally "fixed the bug": to make it behave like a normal browser and handles cookies automatically. So I tried getting rid of

 www.SetRequestHeader("X-CSRFToken", csrftoken);
 www.SetRequestHeader("Cookie", string.Format("csrftoken={0}", csrftoken));


But then the serverside either does not get cookie in request headers at all, or the request header contains outdated token.

Does anyone know how to fix this? Huge thanks in advance.

Comment
Add comment
10 |3000 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users

1 Reply

· Add your reply
  • Sort: 
avatar image
0

Answer by booferei · Mar 18, 2019 at 10:11 AM

Apparently Unity 2018.3 introduced a behavior change to UnityWebRequest - cookies are set automatically. So the solution to our problem is to not set the "Cookie" header (#if UNITY_2018_3_OR_NEWER).

Comment
Add comment · Share
10 |3000 characters needed characters left characters exceeded
▼
  • Viewable by all users
  • Viewable by moderators
  • Viewable by moderators and the original poster
  • Advanced visibility
Viewable by all users

Your answer

Hint: You can notify a user about this post by typing @username

Up to 2 attachments (including images) can be used with a maximum of 524.3 kB each and 1.0 MB total.

Welcome to Unity Answers

If you’re new to Unity Answers, please check our User Guide to help you navigate through our website and refer to our FAQ for more information.

Before posting, make sure to check out our Knowledge Base for commonly asked Unity questions.

Check our Moderator Guidelines if you’re a new moderator and want to work together in an effort to improve Unity Answers and support our users.

Follow this Question

Answers Answers and Comments

99 People are following this question.

avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image avatar image

Related Questions

Saving and Fetching Cookies from UnityWebRequest 0 Answers

Access browser cookies from Web Player 2 Answers

Flashlight Cookie Not Displaying 1 Answer

Set Content-Length header for UnityWebRequest POST requests in 2017.3? 1 Answer

How can i receive data from URL like cookies? 0 Answers


Enterprise
Social Q&A

Social
Subscribe on YouTube social-youtube Follow on LinkedIn social-linkedin Follow on Twitter social-twitter Follow on Facebook social-facebook Follow on Instagram social-instagram

Footer

  • Purchase
    • Products
    • Subscription
    • Asset Store
    • Unity Gear
    • Resellers
  • Education
    • Students
    • Educators
    • Certification
    • Learn
    • Center of Excellence
  • Download
    • Unity
    • Beta Program
  • Unity Labs
    • Labs
    • Publications
  • Resources
    • Learn platform
    • Community
    • Documentation
    • Unity QA
    • FAQ
    • Services Status
    • Connect
  • About Unity
    • About Us
    • Blog
    • Events
    • Careers
    • Contact
    • Press
    • Partners
    • Affiliates
    • Security
Copyright © 2020 Unity Technologies
  • Legal
  • Privacy Policy
  • Cookies
  • Do Not Sell My Personal Information
  • Cookies Settings
"Unity", Unity logos, and other Unity trademarks are trademarks or registered trademarks of Unity Technologies or its affiliates in the U.S. and elsewhere (more info here). Other names or brands are trademarks of their respective owners.
  • Anonymous
  • Sign in
  • Create
  • Ask a question
  • Spaces
  • Default
  • Help Room
  • META
  • Moderators
  • Explore
  • Topics
  • Questions
  • Users
  • Badges