csrf token

asset.go

@@ -7,6 +7,7 @@ import (
 	"net/http"
 	"net/url"
 	"strconv"
+	"strings"
 )
 
 type AssetUploadOptions struct {
@@ -57,10 +58,8 @@ func (s *Session) CreateAsset(options *AssetUploadOptions, f io.Reader) (AssetUp
 
 	endpoint.RawQuery = query.Encode()
 
-	req, err := http.NewRequest("POST", endpoint.String(), f)
-	req.Header.Set("user-agent", "Roblox/WinInet")
-	req.Header.Set("content-type", "application/xml")
-	req.Header.Set("accept", "application/json")
+	req, err := http.NewRequest("POST", endpoint.String(), nil)
+	req.Header.Set("user-agent", "Roblox")
 
 	// Perform request
 	resp, err := s.client.Do(req)
@@ -69,6 +68,18 @@ func (s *Session) CreateAsset(options *AssetUploadOptions, f io.Reader) (AssetUp
 	}
 	defer resp.Body.Close()
 
+	if resp.StatusCode == 403 && resp.Header.Get("X-Csrf-Token") != "" {
+		req, err := http.NewRequest("POST", endpoint.String(), f)
+		req.Header.Set("user-agent", "Roblox")
+		req.Header.Set("x-csrf-token", strings.Trim(resp.Header["X-Csrf-Token"][0], " "))
+		// Perform request
+		resp, err = s.client.Do(req)
+		if err != nil {
+			return aresp, err
+		}
+		defer resp.Body.Close()
+	}
+
 	if resp.StatusCode != 200 {
 		return aresp, fmt.Errorf(resp.Status)
 	}