5c6dcafa34
chatgpt.com uses Cloudflare's TLS fingerprinting (JA3/JA4) which blocks Python requests regardless of cookies. curl_cffi impersonates Chrome's exact TLS handshake, making requests indistinguishable from a real browser at the transport layer. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
27 lines
958 B
Python
27 lines
958 B
Python
"""Debug script — checks what /api/auth/session returns using curl_cffi Chrome impersonation."""
|
|
import os
|
|
from dotenv import load_dotenv
|
|
from curl_cffi import requests as curl_requests
|
|
|
|
load_dotenv()
|
|
token = os.getenv("CHATGPT_SESSION_TOKEN")
|
|
if not token:
|
|
print("ERROR: CHATGPT_SESSION_TOKEN not found in .env")
|
|
raise SystemExit(1)
|
|
|
|
s = curl_requests.Session(impersonate="chrome120")
|
|
s.cookies.set("__Secure-next-auth.session-token", token, domain="chatgpt.com", path="/")
|
|
s.headers.update({
|
|
"Referer": "https://chatgpt.com/",
|
|
"Accept": "*/*",
|
|
"sec-fetch-dest": "empty",
|
|
"sec-fetch-mode": "cors",
|
|
"sec-fetch-site": "same-origin",
|
|
})
|
|
|
|
print("Calling /api/auth/session (with Chrome TLS impersonation) ...")
|
|
r = s.get("https://chatgpt.com/api/auth/session", timeout=15)
|
|
print(f"Status: {r.status_code}")
|
|
print(f"Content-Type: {r.headers.get('content-type', '(none)')}")
|
|
print(f"Response body (first 500 chars):\n{r.text[:500]}")
|