Cookie for checkout post request

[jlund7]

I have been trying and trying on this chrome extension that I have created, but every time I try to send the checkout POST request instead of getting a response of status: "queued", I get status: "failed". I have come to the conclusion that it is something to do with the cookie, please let me know how to trick the cookie into sending the request or what?

[rglenn415]

This is either with the cookie or with your headers. What I did was play around with the headers when pooky was down and try to purchase any item. Once the headers are accepted as legitimate, work on solving pooky

[jlund7]

cause the request gets a 200 status, and I have mimicked a legitimate request's headers other than the cookie, and it wont let me set a "unsafe" header for the cookie

[rglenn415]

Send me your post request headers. I probably spent 20+ hours working on header formatting, there are lots of small details. Inspect the headers on multiple browsers, in incognito, and other stuff like that

[jlund7]

I will post when I get home in a few hours

[jlund7]

var add_cart_url = "https://www.supremenewyork.com/shop/" + item_id + "/add.json"

    var http1 = new XMLHttpRequest();
    http1.open('POST', add_cart_url, true);

    //Send the proper header information along with the request
    http1.setRequestHeader('accept', 'application/json');
    http1.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
    http1.setRequestHeader('x-requested-with', 'XMLHttpRequest');

    http1.onreadystatechange = function() {//Call a function when the state changes.
        if(http1.readyState == 4 && http1.status == 200) {
            console.log(http1.responseText)
            chrome.runtime.sendMessage({redirect: "https://www.supremenewyork.com/mobile/#cart"});
        }
    }
    http1.send('st=' + item_color_id + '&s=' + item_size_id + '&qty=1');

---

var mobile_checkout = "https://www.supremenewyork.com/checkout.json"; var size_decoded = '{"' + item_size_id + '"'; var phone_formatted = result.phone_num.slice(0, 3) + "-" + result.phone_num.slice(3, 6) + "-" + result.phone_num.slice(6, 10); var card_formatted = result.card_num.slice(0, 4) + " " + result.card_num.slice(4, 8)

• " " + result.card_num.slice(8, 12) + " " + result.card_num.slice(12, 16);

  var cookie_sub1_encode = encodeURI(size_decoded);
  var cookie_sub2_encode = encodeURI('1}');
  
  console.log(cookie_sub1_encode + "%3A" + cookie_sub2_encode);
  
  var http2 = new XMLHttpRequest();
  http2.open('POST', mobile_checkout, true);
  
  //Send the proper header information along with the request
  http2.setRequestHeader('accept', 'application/json');
  http2.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
  http2.setRequestHeader('x-requested-with', 'XMLHttpRequest');
  
  http2.onreadystatechange = function() {//Call a function when the state changes.
      if(http2.readyState == 4 && http2.status == 200) {
          console.log(JSON.parse(http2.responseText));
      }
  }
  
  setTimeout(function() {
      http2.send('store_credit_id=&from_mobile=1&cookie-sub=' + encodeURI(cookie_sub1_encode + "%3A" + cookie_sub2_encode) + '&same_as_billing_address=1&order[billing_name]=&order[bn]=' + result.full_name 
      + '&order[email]=' + result.email + '&order[tel]=' + phone_formatted + '&order[billing_address]=' + result.address 
      + '&order[billing_address_2]=&order[billing_zip]=' + result.zip_code + '&order[billing_city]=' + result.city + '&order[billing_state]=' + result.state 
      + '&order[billing_country]=USA&credit_card[cnb]=' + card_formatted + '&credit_card[month]=' + result.card_month 
      + '&credit_card[year]=' + result.card_year + '&credit_card[rsusr]=' + result.card_cvv 
      + '&order[terms]=0&order[terms]=1&g-recaptcha-response=' + captcha_token);
  }, 1000);

[jlund7]

Not sure whit formatted the code like that, but there is where I set headers n whatnot

[jlund7]

Also for the headers there are some things that it will not let me set and says "Refused to set unsafe header"

[jlund7]

and also I cant get the checkout post request to work when I send it directly in the console of supremenewyork.com after I add the item to the cart manually. Not sure if this is the cookies or headers, please let me know if you are even able to send the checkout post request directly through the console, and if it returns a slug and status queued.

[rglenn415]

You are missing the correct headers and data fields. Keep playing with it more. You don't even have all the fields from the console log. Try firefox and chrome header inspecting

[jlund7]

I know I am missing the headers because it says "Refused to set unsafe header" for some of them and i basically mimicked the form data. I am sending the checkout post request mobile version of it. Not sure if I am suppose to be sending the regular version of the post request, but I will try that as well, appreciate it

[jlund7]

by chance do you know where the authenticity_token is being generated from in the form data and header?

[jlund7]

Alright I actually found the token, but now this is the same problem that goes back to the cookies, for whatever reason the cookies that get added to ATC try to add themselves into the checkout cookies response when they are not suppose to be there. set-cookie: cart=; path=/; max-age=0; expires=Thu, 01 Jan 1970 00:00:00 -0000 set-cookie: pure_cart=; path=/; max-age=0; expires=Thu, 01 Jan 1970 00:00:00 -0000 do you know a way to remove these Reponses from the request you send?

[jlund7]

are those 2 response set-cookie from the time not being set properly with the pooky proxies or something.... I know there is suppose to be a specific time set somewhere, do you know anything about that?