userinfo api from Bilibili space didn't work as expected

[noahlias]

Reproduce:

部分用户的panel会查不出来数据 ,比如用户id (2132180406) 查看请求发现 http://api.bilibili.com/x/space/wbi/acc/info?mid=2132180406 通过浏览器访问api是没有问题的，返回结果正常，通过fetch获取数据异常

{"code":-401,"message":"非法访问","ttl":1,"data":{"ga_data":{"decisions":["verify_captcha_level2"],"risk_level":1,"grisk_id":"92db46a0ba2f45d2395bc2755ee8d234","decision_ctx":{"buvid":"","decision_type":"4","ip":"x.x.x.x","mid":"0","scene":"anti_crawler","ua":"undici","v_checkIds":"","v_seconds":"120","v_times":"100","v_voucher":"voucher_2d1d8c6a-19e4-4257-9efe-2e908cb48337"}}}}

猜测是请求头ua和cookie的问题 经过mitmproxy抓包, cookie中只需要个key, buvid3 等于任意值

[noahlias]

I found another question: fetch data is working with nodejs but not working as expected in the browser .

var myHeaders = new Headers();
myHeaders.append(
  "User-Agent",
  "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36 Edg/112.0.1722.68"
);
myHeaders.append("Cookie", "buvid3=321321312");

var requestOptions = {
  method: "GET",
  headers: myHeaders,
  redirect: "follow",
};

fetch(
  "https://api.bilibili.com/x/space/wbi/acc/info?mid=2132180406",
  requestOptions
)
  .then((response) => response.text())
  .then((result) => console.log(result))
  .catch((error) => console.log("error", error));

[noahlias]

oh, I got the answer from stackoverflow , add the credentials: 'include', and it make sense . no need to add header and cookie.

just change one line code and it works.

fetch(`${BILIBILI_API_URL}/x/space/wbi/acc/info?mid=${userId}`,{credentials: "include"})

[gaogaotiantian]

这个大概率是爬得频率太高被block了一小下，和credential没关系。你后面又work了是因为block的时间过去了……如果和credential有关，那这个API肯定所有的情况下没有credential都有问题。

[noahlias]

哈哈哈哈 好玄学， 就我刚点开的一个打不开

不过就我观察到的关于这个api 的issue来看 它的返回是-401 {"code":-401,"message":"非法访问"}不是大家所说的-509 {"code":-509,"message":"请求过于频繁，请稍后再试","ttl":1},我从网页能看是因为我当时还有登陆的cookie

为了避免cookie影响, 我重现了一下这个场景,在safari浏览器上,我删除了所有bilibili的cookie 访问id为2的：

访问之前的id:

另外我在bilibili-API-collect 项目文档里面找到一些关于401^1的说明,大部分issue^2提到如何解决这个问题都是关于加ua和cookie的方式, 之所以加credential是为了解决cookie共享问题 .