Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Response 403 - Can't access member images #310

Open
asebold opened this issue Jan 22, 2025 · 10 comments
Open

Response 403 - Can't access member images #310

asebold opened this issue Jan 22, 2025 · 10 comments
Labels
bug Something isn't working

Comments

@asebold
Copy link

asebold commented Jan 22, 2025
edited
Loading

I'm unable to access member images using the Python Requests library.

Description of Problem

  1. When accessing member data using the member endpoint, a url to an image of the member is sometimes provided via the imageUrl property.

Example:
Url: https://api.congress.gov/v3/member/m001226/?api_key=DEMO_KEY&format=json
Response:

{
  "member": {
      "addressInformation": {
        "city": "Washington",
        "district": "DC",
        "officeAddress": "2453 Rayburn House Office Building",
        "phoneNumber": "(202) 225-7919",
        "zipCode": 20515
     },
    "bioguideId": "M001226",
    "birthYear": "1985",
    "cosponsoredLegislation": {
      "count": 285,
      "url": "https://api.congress.gov/v3/member/m001226/cosponsored-legislation"
     },
    "currentMember": true,
    "depiction": {
      "attribution": "Image courtesy of the Member",
      "imageUrl": "https://www.congress.gov/img/member/m001226_200.jpg"
    },
//...
  }
}

// Using the example above, the image url could be accessed at `response['member']['depiction']['imageUrl']`.
  1. When I visit the image url (ex: https://www.congress.gov/img/member/m001226_200.jpg) in my browser, I see the image of the member. When I try to obtain the image via the Python Requests library, I get a 403 response that appears to be generated by Cloudflare.

Example:

# Python

response = requests.get("https://www.congress.gov/img/member/m001226_200.jpg")

print('Response status:', response.status_code, '\n')
print('Response content:\n', response.content)

Response:

Response status: 403 

Response content:
 b'<!DOCTYPE html><html lang="en-US"><head><title>Just a moment...</title><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta http-equiv="X-UA-Compatible" content="IE=Edge"><meta name="robots" content="noindex,nofollow"><meta name="viewport" content="width=device-width,initial-scale=1"><style>*{box-sizing:border-box;margin:0;padding:0}html{line-height:1.15;-webkit-text-size-adjust:100%;color:#313131;font-family:system-ui,-apple-system,BlinkMacSystemFont,Segoe UI,Roboto,Helvetica Neue,Arial,Noto Sans,sans-serif,Apple Color Emoji,Segoe UI Emoji,Segoe UI Symbol,Noto Color Emoji}body{display:flex;flex-direction:column;height:100vh;min-height:100vh}.main-content{margin:8rem auto;max-width:60rem;padding-left:1.5rem}@media (width <= 720px){.main-content{margin-top:4rem}}.h2{font-size:1.5rem;font-weight:500;line-height:2.25rem}@media (width <= 720px){.h2{font-size:1.25rem;line-height:1.5rem}}#challenge-error-text{background-image:url(data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSIzMiIgaGVpZ2h0PSIzMiIgZmlsbD0ibm9uZSI+PHBhdGggZmlsbD0iI0IyMEYwMyIgZD0iTTE2IDNhMTMgMTMgMCAxIDAgMTMgMTNBMTMuMDE1IDEzLjAxNSAwIDAgMCAxNiAzbTAgMjRhMTEgMTEgMCAxIDEgMTEtMTEgMTEuMDEgMTEuMDEgMCAwIDEtMTEgMTEiLz48cGF0aCBmaWxsPSIjQjIwRjAzIiBkPSJNMTcuMDM4IDE4LjYxNUgxNC44N0wxNC41NjMgOS41aDIuNzgzem0tMS4wODQgMS40MjdxLjY2IDAgMS4wNTcuMzg4LjQwNy4zODkuNDA3Ljk5NCAwIC41OTYtLjQwNy45ODQtLjM5Ny4zOS0xLjA1Ny4zODktLjY1IDAtMS4wNTYtLjM4OS0uMzk4LS4zODktLjM5OC0uOTg0IDAtLjU5Ny4zOTgtLjk4NS40MDYtLjM5NyAxLjA1Ni0uMzk3Ii8+PC9zdmc+);background-repeat:no-repeat;background-size:contain;padding-left:34px}@media (prefers-color-scheme:dark){body{background-color:#222;color:#d9d9d9}}</style><meta http-equiv="refresh" content="390"></head><body class="no-js"><div class="main-wrapper" role="main"><div class="main-content"><noscript><div class="h2"><span id="challenge-error-text">Enable JavaScript and cookies to continue</span></div></noscript></div></div><script>(function(){window._cf_chl_opt={cvId: \'3\',cZone: "www.congress.gov",cType: \'managed\',cRay: \'9061c925fbf34d1d\',cH: \'knM9zvnEFLSZzipLWraK96Eqb.E3k.Eyn7HgsgRFmtw-1737572414-1.2.1.1-gT8YHuMXokAdgLZJCFOqksDE3gskI4UxfdRnhvfEj3F8a5bpkh.jS2vTUIgB52ke\',cUPMDTk: "\\/img\\/member\\/m001226_200.jpg?__cf_chl_tk=j9hJuhB0ypxgijuIYmXaIeUnzUhtjQBV5.I3_aKCRzM-1737572414-1.0.1.1-zTYllSr3umBewFMxoWlk_eL1WeWQX6vHmobWo4bQ9t0",cFPWv: \'g\',cITimeS: \'1737572414\',cTTimeMs: \'1000\',cMTimeMs: \'390000\',cTplC: 0,cTplV: 5,cTplB: \'cf\',cK: "",fa: "\\/img\\/member\\/m001226_200.jpg?__cf_chl_f_tk=j9hJuhB0ypxgijuIYmXaIeUnzUhtjQBV5.I3_aKCRzM-1737572414-1.0.1.1-zTYllSr3umBewFMxoWlk_eL1WeWQX6vHmobWo4bQ9t0",md: "ppt_ACH1MoPqCs8Md0YRoZFMXgAoAEDL5c5oNi83BzI-1737572414-1.2.1.1-CysPYkM8ykoHPcNnEz3IxbKs4ESlN7fLTJrR2l1yfUOwONoggXntq4kO9Zy1MB7I3Hd9WHgS9u8CsrAtoGHtAV8GaHQUJnQ8.ZHqLCTs.lKhAxVx0MDOfGi4qqO2AGmYu4tkugBhC27smeedXa_F21jsx9Xm6v7S0_jao5Mwa5inTGbup5wZT_O3S6vwJC9zeh.WDltvbeey7dFXRghlCzcC9rDpFkG91vJidaWAaIN9dBeZTEEz_Hlq0vf0vad4NyJhXMNo_utqc5q5.QT8HHwf55C2kGlvI1rVxuCN8dfgCO2YXxcyVEjHx1p.wgruT02XnCfPefKkYlKEcO0gg30c.z37YBPixB3sbak1G6k.4DQRyQMiUlf5RK3zTchD3613LYIvcCVzeaiOg_jers.u4xotXl9NZuQk4xN8a009i5ag41juZviPWGSYoNUN9lVdhDGa5SLwhDf_SCmgQFHW6367sCZLtAHObkITdQ6zTq8sckQd0kA7hea4x0ouLcDhCjcwm4pxGlwaIivRyzcTxbn_zxHkeQyk_hQA8rWxO0fp8eRw9r0sXd1w3u3jpLjVf6ZH4geQwSIj5TRKIz0rNsViFlZmK8MPZhpAI1dF0hrkoRq2i48h.4eXmgX55l98DS64dA2cUP75iMNVD8SiYU2Q4T2ViAKr8U0.o87No7mvpOFTYoIjcLEjEdecUOenvWw0oRkJH0ikKmmk05X3BvUuDYWdnS0XSdKUy8HhSIgSlYVfhC0NPH.aI_MzGP6vnlDV9Cu2JGisX0c72VHwHO1FDzfmDt60g3MlTZRnLPMB9mZJtwREgobn9n07NAflF1Sa9rnpDKX5ECuCdA98nGH659NEqXICuUkBOq3zZsDuA_4NFM9fiZOBlJyOYerGemPoYygCKnHRblJlnv7epvDbNXCBVFVjog22SAzRHFXJS4bY9_7_PV9YlO1krvb1OAUbslzHvpKuMx.MnXPA1BQPioYvSDs5dhlqNi.0U9mxmz0Pq6MBW9CenwvZQ95V_IDgyTQFPqkSWegAqTJ9gFhf.AthgvR.K_eOLuJiLx4ZgYeSWIBTxZt3vXv9qkLZo6aWzpXBwF5PFwXE.bGd0A9dHdpfADVA9RxQHMnejCaF1YIS3fYLM73LVkdy6Tvxm6a6E05ZF4I8pU0MNVpBqa1YzSXBbRLZy.42hAKSVXi8fKAHOErN9WvQU6fjmg50mdCN.0D7Gm2459HqSE09GSc4.eK4KB9J1fxSXaEbD5BRPVQOo_Vrg4MfW3VOa1evlWxd1HaiUOXSKUdSf9QHCu816S.9bKW9Fhl_x5njA0kc8v1sn9weqlUYirlU6ICLZUXKPHYi9wFt_dbFsF_VXxtGkwoAf7H9u.1Gm_ykfW9KfusxkVT_S8dhuziBGGGdMWIQ35.aNvocm.dv_EkxxcwyzCDcTci9x4GS7r8CEeefJDqaaxJUcauUmUSwlDL147ZHtD0yy1q3aC2ifxjyqHYSzesR43xz.3O1udgibiXN6PD7ITCVAhknTzvkoYL5qTYSuXaySrA1LbQmU30EgSrMnMtn_2tUCiMytzrotgE7vl9cg0TUp1nbJ6Kkgs3lBESfBrAKpl9ElCQHfSHwdZk908697TdIaCOya2mcLQZV80XEAD1wj6ulJp.40Y7lazb71uvuwHRw0Vt8oY3T4al.2mfMtyrQoVFcuuzDtxk.xskN_EF17h6J1Hbn9FxyiYV8O3JPb4lzWtkR924qeqtmX5Z22TpqjBfMhD7qBtvH1qj14eb6lkbvFYj3szIu3d0xt9bDGVJA4uuOzRLwB6rL2mD6BdIH5ONFi8m3.LeLSxYsvfxKCyf3R701Om2cpyPhNV5v49VvVp19TycWfyRbbRjn4BnjRAhU9Jsc8YVf3NkqP6X.eq32RDqI2p7aEj8q3Unzhl7jws3yNNmQijNYOmu9BGZZv07yWIRJB76G0BbYSwGnwc2CoE4s_wiH8ihb2cLhhEMh.Of5bTK7lIj0ipiQgICFtJgw4aAMv1UuwaKLURQgQk9CfMyQurxV9NdPc9XioVO6cXvtNGcZz3HjcOIYqCk_Uxy01Od8D2oz9zl7bm9o.VP8qd1wqyDJ.UP1EXJJ6uYl8qHXxK1IILp2yQ.VK_Q2TQFr9McNwyq49PjooxKp5hNueLkp.AMCevgAQICENSywknyfG9u8np_Pgz0AeM1BG0e04hV6N7dlq9SCpDWPQkRufKYyi5750XNy8SaemGRjf3V8HK.wSF1Qd56iu3f5rOcKYdH8hT44An.8rjAlhP5QG.z0VcK7.A1B.syhClYCAHRUICaomau8j0TU.ZognQbQlgOmuF5WMOYIpuVqHhNoMAT9",mdrd: "EdU.cutRvdLeWzIJcP2rgA6BPyjozrjSgd1qUWkGe1k-1737572414-1.2.1.1-TYaYuMyUI58EFEH.j2YIE6e8bifAnzo_XSSapTql9CYVbASEhUcDNJMNJhN7dh2D3cRXBeo4jlpVM5qw99Y9SadkvtxQTdnRxsUDxwH6fcs8OOzO8535JtTFH6sUaJTAoGvlsLs5xJYEHB1NcN3Xi2Rp10LACanAGIEbduZ2W0Q79b3BzQtJat0keAr5Um8cKW_xugDIjiQNoYgodhywJWvBVni1wMJ.Lnv_0_bDbLNEHPjJonaX4PfXOvG4HXbYJsqC4fYgBkiA_SIgrpQ0NQLskdF.xpAD8vXcNfYpikNWY.iGqXvKIuL4xQjBHYuF_tiEfJ6Qq7gGG3rrbI6UcxDpQvcVO0MmnNTRPYxmYmPUSI6MNW1FsR31OEtnfz8FXuDGRzX8rj5.wmqMZ6wkW1MFNSH3xhRK79sTfy5FZC_m9mjzv0brvJDC6R.zq8O9aYTxvw09Iic0W9RzTPUUB2_wqV5lXJA1oaDDHVov7xcO2lG726QHKEZ78QjnbQla3x.fNfHgC0DVs3o6VnyITrikMqxrZDGcAW_i2FnF2bhSA0zccWQUBuqWeMXCy5g528MNcfGx7nIF1GvDZADDv9lvoOWi6Ir_qba4OwHrYtMixUtpdCn1vRBNpeWqSqimBUdWbCyJM3TiYOcLEQS3_hwYBWDYLBFYIzT3hcbJaiMhhFt1cCVzi8ZivkgyyXDVIy7YhN6DvgG9qD1V.Z6TcS4.S0CrEEO1PswdJR_.hxth85W2SNsLoUQppdo6yBYlsifhCAQK81kfQeMy6p_U.f2zUosR6NYmiZHBMxaeGL.4SH.pcH6T2ffRaxS4xN3NjVP8lrMvqCphgLjSJIABJ6yBJPMGZRI4X_QrIKxxdoo8R085vkAHAHFgtf_opsxmJ4VC3rgrSlpJdPd5SdkVXlGxqUFSedthbZwyritUz0P3Hve3P9l4LqZECBpBGxbsipfR_GroBDJw3GZmiSBSKrqRrKFvHUyUSo0AfDzPBqVoZbzg2TbCOxzwNhZxDsTEos3jgJtnkAsXp6wXWoyMlPhAfqyJ6C1IPa304PmD31MgoO2lKwhde07nNHNLPuROIiEPjQdztcQKdWZiFK6wiKRy3sgpwKxDvojZesMJQ1_UCWS.E1.xjZytfs3NVgEX.Upqg.AiyLj4Q2sQikKjS18VA5cqVJCRGqvJPpko..Y9yLKlUxiIqTlURihBKZcb4HAm0EVAcZ1HqTxW0tmG_rWweakHKGExTml1CNyl.SxAu2U8R8zBte97oOg6Cf6bjruKjIt6VoCbjvtxjOKTVGaLF0BtJhlJdXrDaJVfcBngk359oCF21mRz_IHfBvdZpgHL2.YQWg8jGo78RwI9hwns5Fb05BbDFSljcoO8bIhm_PfSbvJ2jaKgwhvrq3_n0X9FSxevOieOp5L7pr9xOZvIsWRsZMhZbaQtc8Aa4VrzkkKMY7FkfMInAH7lnN8HhNnI0qoOOneOkx9NcKlVBvLecIvZTmO906E6PQDFOvC6IE3._uU2H70x5iU32ho8I_bFr9oaiiLZJs34mcftBNcExwA5AuJY8KIdkvhX85xgrzdRDKYpxrn37Qb4L0_tLO_DLhJEoWU7YHykGQl9Qhc3JgoJpxdyVA7ti4awHnqJE_7bCgqIo.0V2w.Y5yhuQrdGYhl45sGf0tGISswfAAiyisqoR3DG1AaIVijEu4vxFILYNPzLMawXBlrFL1KkZJ1282PBe43xQvj4oMefnssAM1rYx5BEzys310bccV7cDOmaA.YtQPEYQwwCW1K6oV4j0Gl_o46it5e.1jNQR.iIHMOhKuLTbPoA98jTfeEK2x5Tzzpwj6ya3TNOJRoHWR9hBa_kChasbc0Lt.7L5f3KmKyq6Mz8p8ar0w1DF7BgadIStpqYIBSbSf_yaCNzBlN4gD5aKcFjzFvOYWf5TxMixnvXYInElCWAWrJNeUh8CMwdkYpDQk8YKYsCC1hFYult1DX77TfC618_1QhnnWBGqU9CpR9GWOWiRzLECu.Zm_2HYczk_1vk2JzzUXjkWJdsZ6.xd8SKyHm2jrycH2Rs_TI74P35Zqg3vY89ttUdna9w8buyXTRp3zLWKSHf7FedCvWrkSNiEsOvOq2eYV4Hh1Ky0Ja3sKKXz62uxY.0VZjYz7A5ArIGBD1IxBAA4P01AZd7hPEz1DJDD9I924NyoGrrFzlw2WMP7XFYy8oht7G5xh4RBOG.2rGTWIDvvzrBJiGzgzuxN_DZRFusBQ"};var cpo = document.createElement(\'script\');cpo.src = \'/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=9061c925fbf34d1d\';window._cf_chl_opt.cOgUHash = location.hash === \'\' && location.href.indexOf(\'#\') !== -1 ? \'#\' : location.hash;window._cf_chl_opt.cOgUQuery = location.search === \'\' && location.href.slice(0, location.href.length - window._cf_chl_opt.cOgUHash.length).indexOf(\'?\') !== -1 ? \'?\' : location.search;if (window.history && window.history.replaceState) {var ogU = location.pathname + window._cf_chl_opt.cOgUQuery + window._cf_chl_opt.cOgUHash;history.replaceState(null, null, "\\/img\\/member\\/m001226_200.jpg?__cf_chl_rt_tk=j9hJuhB0ypxgijuIYmXaIeUnzUhtjQBV5.I3_aKCRzM-1737572414-1.0.1.1-zTYllSr3umBewFMxoWlk_eL1WeWQX6vHmobWo4bQ9t0" + window._cf_chl_opt.cOgUHash);cpo.onload = function() {history.replaceState(null, null, ogU);}}document.getElementsByTagName(\'head\')[0].appendChild(cpo);}());</script></body></html>'

Questions

  • Is there a work around for accessing these images? A similar issue was brought up in #192, which was closed without providing a solution or work around.
  • Could the Cloudflare challenge be removed for these images?
  • Could these images be made available through https://api.congress.gov as opposed to https://congress.gov? This way api keys and rate limiting would still be enforced, perhaps relieving the need for the Cloudflare challenge.
@rbram
Copy link
Collaborator

rbram commented Jan 22, 2025

Hello. Sure, we will take a look at this.

@Gmanicus
Copy link

Gmanicus commented Jan 22, 2025
edited
Loading

Funny, just yesterday I was attempting to do the same. Simply providing a User Agent and Sec-Ch-Ua header in the request should be enough to make it work in the meantime.

@asebold
Copy link
Author

asebold commented Jan 23, 2025

@Gmanicus This didn't work for me.

"User-Agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36",
"Sec-Ch-Ua": '"Google Chrome";v="131", "Chromium";v="131", ";Not A Brand";v="99"',

What did you use for those headers?
I tried adding other headers as well and am still getting a 403 response.

@Gmanicus
Copy link

🤔 Odd.

'User-Agent': 'Fetch',
'Sec-Ch-Ua': '"Brave";v="131", "Chromium";v="131", "Not_A Brand";v="24"'

Appears to be the magic combination.

@asebold
Copy link
Author

asebold commented Jan 24, 2025

@Gmanicus Hm, I tried this on my linux desktop and my mac and still got a 403 response. I used different networks too. Can you share more of your code and perhaps the versions of Python and Requests you are using?

@Gmanicus
Copy link

Gmanicus commented Jan 25, 2025
edited
Loading

@asebold Ah, I would be happy to, but unfortunately it looks like this is just inconsistency from Cloudflare. I'm starting to see mostly 403 Forbidden as well now. Odd thing is, making the request through Postman never sees a 403 response. Sorry about that.

Edit: Got it working again by making requests over HTTP/2. Looks like you can do that in Python using the HTTPX package.

@apreiter18
Copy link
Collaborator

Hello - we are actively looking into this. Stay tuned for updates. Thanks!

@apreiter18 apreiter18 added the bug Something isn't working label Jan 27, 2025
@apreiter18
Copy link
Collaborator

apreiter18 commented Feb 3, 2025
edited
Loading

@asebold, @Gmanicus -

We made a change that should resolve this issue. Can you please confirm (or correct) if things are working for you?

Thanks!

@asebold
Copy link
Author

asebold commented Feb 3, 2025

@apreiter18

I'm still getting the same 403 response. Are there certain headers or parameters I should include in the request?

@Gmanicus
Copy link

Gmanicus commented Feb 4, 2025
edited
Loading

Looks like the same behavior from my end as well (In a script. Notably, requests via Postman work fine).

  • Raw GET request: 403
  • GET request with user-agent: 403
  • GET request with user-agent and Sec-Ch-Ua: 403

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@asebold @Gmanicus @rbram @apreiter18