Ask coding questions

← Back to all posts
What EXACTLY are the cookies I need to get a Replit user's data?

Okay so here's what I've got going on:

I have a project that will need to grab a user's profile picture given only their username. This can supposedly be done with I have verified that this does indeed work on my browser, but attempting to fetch something through this URL with Node gives me 403 Forbidden errors.

I've been told that I need to set the connect.sid cookie in order for me to do anything with this URL, but

doesn't change things.

What else would I need to get contents from /data/profiles?

Answered by ruiwenge2 [earned 5 cycles]
View Answer

@ruiwenge2 The API doesn't appear to work anymore (likely because it went with the janky web-scrape method) and it doesn't grab info from /data/profiles. Thanks though.


@SixBeeps or maybe this:

Because it only tries to get the pfp, the page takes less time to load.



@ruiwenge2 Hmm, it takes quite a bit to load still. It's a solution that I can work with for now.

I still want to avoid using web scraping as much as possible. That's why I'm specifically asking about /data/profiles, since that's where the raw stuff is kept.


it's set-cookie

and you have to actually go to your cookies and copy your connect.sid

So it becomes roughly:

yeah you need the other 2 and that's it. The replit errors should help you


@Coder100 I'm using node-fetch, and according to the documentation it's just cookie. Are you sure?

Also, in mat1's API, he was able to set the sid to Python's None, which is why I left it empty. Adding my personal sid didn't work when I tried it. I also added those other header fields and they didn't work when I tried them. I'll give them another go to see if something's changed though.


1. connect-sid is optional, you need it only when you need to make posts which here you probably aren't trying to do.
2. what's the error?


@Coder100 Read the post, I get 403s.

EDIT: To be specific, Cloudflare 1020s.


it works for me on python (bc python good) maybe I can make an API that fetches data from another API

alright, its done


@ch1ck3n In your API you're doing something with CORS. Could you explain that? I think that might be where I'm lacking atm.


@SixBeeps CORS means cross-origin-request-something and that means you can make an AJAX request from any website or webpage without landing in a security error


@ch1ck3n That has to be it then. Node has a CORS thing that I can apply to the Express server, I'll give that a go.

If that's it then I am going to actively mald.