PHP GuzzleHTTP | 基于Cookie的身份验证在首次请求失败后有效

RELEVANT

Guzzle Quickstart | Cookies

NOTES

  • This specific endpoint rejects all GET requests, but the website itself is customer facing so it accepts GET requests
  • I need a cookie to POST to this endpoint, but I cannot get the cookie until i make a request to this endpoint
  • The first request fails (403 Forbidden), but it obtains the cookie needed for the next request ... which works.

ATTEMPTS

  • without cookie ... failed
  • with 'Cookie' => 'cookie' header ... failed
  • copied cookie from a GET request in Firefox Dev tools when manually surfing the site as a user ... failed
  • copied cookie from a POST request to the specific endpoint in Firefox Dev tools when manually surfing the site as a user ... that worked!
  • read Guzzle Doc in the above link and passed ['cookies' => true] to the Guzzle Client
  • made a GET request to the front page with first request and then tried the second post request ... failed
  • made two identical POST requests to the specific endpoint ... that worked!

QUESTIONS

Is there a way to get an authorized cookie without intentionally failing a request? Or is this problem just endpoint specific and they do not want me to access their website this way ...

Why can I not use the cookie from the GET request?

CODE


$client = new GuzzleHttp\Client(['cookies' => true]);

$formParams = [
    'json' => [
        'request' => [
            'orderId' => 'XYZ123',
            'emailId' => 'name@email.com'
        ]
    ],
    'headers' => [
        'Host' => 'secure2.homedepot.com',
        'User-Agent' => 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0',
        'Accept' => 'application/json, text/plain, */*',
        'Accept-Language' => 'en-US,en;q=0.5',
        'Accept-Encoding' => 'gzip, deflate, br',
        'Referer' => 'https://secure.website.com/order/view/tracking',
        'Content-Type' => 'application/json;charset=utf-8',
        'Content-Length' => '88',
        'Connection' => 'keep-alive'
    ]
];


// first request will fail (403 Forbidden) ... but it gets the cookie
try {
    $response = $this->client->request('POST', 'https://secure.website.com/order/guest/details', $formParams);
} catch (\Exception $e) {
    Log::warning('first request failed ... but we wanted it too?');
}

// second request ... this works!
try {
    // Log::warning(print_r($formParams, true));
    $response = $this->client->request('POST', 'https://secure.website.com/order/guest/details', $formParams);
    return $response;
} catch (\Exception $e) {
    Log::warning($e->getMessage());
    return false;
}