Authentication information for calling APIs that require a Scrapbox login from scripts
The authentication information is stored in a cookie while you are logged in with a browser. Use this.
This cookie is Secure and HttpOnly, so it cannot be read via document.cookie.
To prevent cross-site scripting (XSS) attacks, HttpOnly cookies are inaccessible to JavaScript’s Document.cookie API
With Chrome Devtools, you can see it here.
Specifically, the cookie named “connect.sid” contains the authentication information. For example, when calling the API with requests, you can pass it as a cookie.
```python
import requests
cookies = {"connect.sid": "..."}  # value of the connect.sid cookie from your browser
r = requests.get("https://scrapbox.io/api/pages/...", cookies=cookies)
```
Be careful not to leak this information.
- If you leak it, you can reset it by logging out and logging back in.
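One way to reduce the chance of leaking connect.sid from a script, as an added example that is not part of the original page: read the value from the environment instead of source code, and store it in a requests session jar scoped to https://scrapbox.io so it is never attached to another host or to plain HTTP. The variable name `SCRAPBOX_CONNECT_SID`, the helper names, the `example` page path and the sample cookie value are assumptions made for this example.

```python
import os
import requests

COOKIE_NAME = "connect.sid"
ENV_VAR = "SCRAPBOX_CONNECT_SID"  # hypothetical variable name, chosen for this example


def load_sid(env=os.environ):
    """Read the session cookie value from the environment, not from source code."""
    sid = env.get(ENV_VAR, "").strip()
    if not sid:
        raise RuntimeError(f"{ENV_VAR} is not set")
    return sid


def make_session(sid):
    """Session whose jar holds connect.sid scoped to https://scrapbox.io only."""
    session = requests.Session()
    # domain + secure make the jar withhold the cookie from other hosts and from http://
    session.cookies.set(COOKIE_NAME, sid, domain="scrapbox.io", path="/", secure=True)
    return session


def cookie_header_for(session, url, cookies=None):
    """Return the Cookie header requests would send to url (no network I/O)."""
    prepared = session.prepare_request(requests.Request("GET", url, cookies=cookies))
    return prepared.headers.get("Cookie")


if __name__ == "__main__":
    fake_env = {ENV_VAR: "s%3Aconstructed-sample-value"}  # constructed, not a real session
    s = make_session(load_sid(fake_env))
    for url in ("https://scrapbox.io/api/pages/example",  # constructed page path
                "http://scrapbox.io/api/pages/example",
                "https://example.com/"):
        print(url, "->", "cookie sent" if cookie_header_for(s, url) else "no cookie")
```

A bare `cookies={...}` dict carries no domain, so requests treats it as valid for whatever host the request is prepared for; the scoped jar above does not.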
This page is auto-translated from /nishio/connect.sid using DeepL. If you find something interesting but the auto-translated English is not good enough to understand it, feel free to let me know at @nishio_en. I’m very happy to spread my thoughts to non-Japanese readers.