logoChat01.ai

pq o cloudflare bloqueia meu request: curl 'https:...

Tạo vào: 18 tháng 8, 2025

Trả lời bằng GPT-5 Thinking bởi Chat01

Câu hỏi

pq o cloudflare bloqueia meu request: curl 'https://lmarena.ai/api/stream/create-evaluation'
-H 'accept: /'
-H 'accept-language: pt-BR,pt;q=0.9,en-US;q=0.8,en;q=0.7'
-H 'content-type: text/plain;charset=UTF-8'
-b '_ga=GA1.1.909869449.1755264001; __client_uat=0; __clerk_db_jwt=dvb_31KEMbfYX1Btcuyu2SmWj5diS6R; _ga_N6MCLSNCLZ=GS2.1.s1755264349o1o1g1t1755266147t1755266147j60l0l0h0; __cf_bm=zKViMODT80VSRc6yPWOil8YjrTYQGIb9_INO8tZD9lo-1755515926-1.0.1.1-g7.jQJBg5BNVfeDwksJLNytOCvzlCDJkaXTXplqOzu_oAhjcWPhmqs40d22Q8U6TT_hYZvk8tcY2ZimgXLk8WvADEufrSDgMqWaxq9O1QeM; arena-auth-prod-v1=base64-eyJhY2Nlc3NfdG9rZW4iOiJleUpoYkdjaU9pSklVekkxTmlJc0ltdHBaQ0k2SWtOVFQwNHhkM05uU0hkRlNFTkNNbGNpTENKMGVYQWlPaUpLVjFRaWZRLmV5SnBjM01pT2lKb2RIUndjem92TDJoMWIyZDZiMlZ4ZW1OeVpIWnJkM1IyYjJScExuTjFjR0ZpWVhObExtTnZMMkYxZEdndmRqRWlMQ0p6ZFdJaU9pSTJOVGM1TXpNeVlTMDFNbU15TFRRMk9XSXRPVGc0WmkxaU16TmhZMlJtTkdVMlpEVWlMQ0poZFdRaU9pSmhkWFJvWlc1MGFXTmhkR1ZrSWl3aVpYaHdJam94TnpVMU5URTVOVE14TENKcFlYUWlPakUzTlRVMU1UVTVNekVzSW1WdFlXbHNJam9pSWl3aWNHaHZibVVpT2lJaUxDSmhjSEJmYldWMFlXUmhkR0VpT250OUxDSjFjMlZ5WDIxbGRHRmtZWFJoSWpwN0ltbGtJam9pTlRCaFpEUm1ZV0l0WVdJME15MDBaRFJtTFRreVpXSXRZV0ptWlRFNU5URXhaV1U1SW4wc0luSnZiR1VpT2lKaGRYUm9aVzUwYVdOaGRHVmtJaXdpWVdGc0lqb2lZV0ZzTVNJc0ltRnRjaUk2VzNzaWJXVjBhRzlrSWpvaVlXNXZibmx0YjNWeklpd2lkR2x0WlhOMFlXMXdJam94TnpVMU1qWTBNREEyZlYwc0luTmxjM05wYjI1ZmFXUWlPaUptTURFeU1XUTBNaTFoWW1NNUxUUmpaV0l0WVRGbE55MHdOR0prT1dOa1pETTFNakFpTENKcGMxOWhibTl1ZVcxdmRYTWlPblJ5ZFdWOS5JbG1zaGhPcENfRkR4MkJfYzFPMDRwaEJvTjIyVm5XQ3ZTZzNpZkRWbWg4IiwidG9rZW5fdHlwZSI6ImJlYXJlciIsImV4cGlyZXNfaW4iOjM2MDAsImV4cGlyZXNfYXQiOjE3NTU1MTk1MzEsInJlZnJlc2hfdG9rZW4iOiI3eXZraDR2Mm95dGwiLCJ1c2VyIjp7ImlkIjoiNjU3OTMzMmEtNTJjMi00NjliLTk4OGYtYjMzYWNkZjRlNmQ1IiwiYXVkIjoiYXV0aGVudGljYXRlZCIsInJvbGUiOiJhdXRoZW50aWNhdGVkIiwiZW1haWwiOiIiLCJwaG9uZSI6IiIsImxhc3Rfc2lnbl9pbl9hdCI6IjIwMjUtMDgtMTVUMTM6MjA6MDYuMjY3MTg0WiIsImFwcF9tZXRhZGF0YSI6e30sInVzZXJfbWV0YWRhdGEiOnsiaWQiOiI1MGFkNGZhYi1hYjQzLTRkNGYtOTJlYi1hYmZlMTk1MTFlZTkifSwiaWRlbnRpdGllcyI6W10sImNyZWF0ZWRfYXQiOiIyMDI1LTA4LTE1VDEzOjIwOjA2LjI2NTcxMVoiLCJ1cGRhdGVkX2F0IjoiMjAyNS0wOC0xOFQxMToxODo0Ny4xMTA3NDlaIiwiaXNfYW5vbnltb3VzIjp0cnVlfX0; cf_clearance=L6.8YVuCxHAtU58_zxY4hTbeX7Oka6NebIP4E2FKgK8-1755515991-1.2.1.1-GxbIoov7gOMuskXt2W7fdNJdPMN2lEyNofMrNWgxzSL.OL4.FcVxpmETOoncU6zLgX3vZUh9DEkTxz1cLCJCgaifTNxH7VX_RR8yHaQuPzwzrLULWR08tufdfrkVAqj6ilUjG7fmkg3IUioWLx6.uq.Ivd.HMs9rbVSIiRcEG1z0xyWPd_SaZmnfSksuc_W97zDQiIq_RIlAxQagXSPSM664MnNkRlfPMuZ916hl9kewFQlzhWEIGRFAEZBdrxAP; ph_phc_LG7IJbVJqBsk584rbcKca0D5lV2vHguiijDrVji7yDM_posthog=%7B%22distinct_id%22%3A%2250ad4fab-ab43-4d4f-92eb-abfe19511ee9%22%2C%22%24sesid%22%3A%5B1755516120297%2C%220198bce7-4efc-72cd-bd68-ede97fcf6ba0%22%2C1755515932412%5D%2C%22%24epp%22%3Atrue%2C%22%24initial_person_info%22%3A%7B%22r%22%3A%22%24direct%22%2C%22u%22%3A%22https%3A%2F%2Flmarena.ai%2F%22%7D%7D; _ga_72FK1TMV06=GS2.1.s1755515932o2o2g1t1755516120t1755516120j20l0l0h0'
-H 'origin: https://lmarena.ai'
-H 'priority: u=1, i'
-H 'referer: https://lmarena.ai/'
-H 'sec-ch-ua: "Not;A=Brand";v="99", "Google Chrome";v="139", "Chromium";v="139"'
-H 'sec-ch-ua-arch: "x86"'
-H 'sec-ch-ua-bitness: "64"'
-H 'sec-ch-ua-full-version: "139.0.7258.128"'
-H 'sec-ch-ua-full-version-list: "Not;A=Brand";v="99.0.0.0", "Google Chrome";v="139.0.7258.128", "Chromium";v="139.0.7258.128"'
-H 'sec-ch-ua-mobile: ?0'
-H 'sec-ch-ua-model: ""'
-H 'sec-ch-ua-platform: "Windows"'
-H 'sec-ch-ua-platform-version: "19.0.0"'
-H 'sec-fetch-dest: empty'
-H 'sec-fetch-mode: cors'
-H 'sec-fetch-site: same-origin'
-H 'user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0.0.0 Safari/537.36'
--data-raw '{"id":"ec5ed15c-ea21-4764-9570-14ded4079e51","mode":"battle","userMessageId":"1869f827-b4c2-4bf6-93c1-a35771ed8b31","modelAMessageId":"61173745-f689-4790-b931-594ca8f1a662","modelBMessageId":"63e45bbd-da62-49da-a616-0471572e19db","messages":[{"id":"1869f827-b4c2-4bf6-93c1-a35771ed8b31","role":"user","content":"Low-angle cinematic shot of a Formula 1 pit crew helmet, towering in the frame. The glossy visor reflects a Formula 1 race car entering the pit lane, mechanics rushing around. The reflection is slightly warped by the visor curve, creating a dramatic perspective. Strong contrast, warm natural light, high-detail textures of helmet and visor. Editorial motorsport aesthetic.","experimental_attachments":[],"parentMessageIds":[],"participantPosition":"a","modelId":null,"evaluationSessionId":"ec5ed15c-ea21-4764-9570-14ded4079e51","status":"pending","failureReason":null},{"id":"61173745-f689-4790-b931-594ca8f1a662","role":"assistant","content":"","experimental_attachments":[],"parentMessageIds":["1869f827-b4c2-4bf6-93c1-a35771ed8b31"],"participantPosition":"a","modelId":null,"evaluationSessionId":"ec5ed15c-ea21-4764-9570-14ded4079e51","status":"pending","failureReason":null},{"id":"63e45bbd-da62-49da-a616-0471572e19db","role":"assistant","content":"","experimental_attachments":[],"parentMessageIds":["1869f827-b4c2-4bf6-93c1-a35771ed8b31"],"participantPosition":"b","modelId":null,"evaluationSessionId":"ec5ed15c-ea21-4764-9570-14ded4079e51","status":"pending","failureReason":null}],"modality":"chat"}' ?

Suy nghĩ

Diagnosing Cloudflare Block

We don’t need to fetch the latest info here, but it's clear that lmarena.ai is protected. The user included a cf_clearance cookie, so we can proceed with suggestions. I recommend using their public API, checking for potential challenges like Turnstile or JS verification, and using tools like "Cloudflare trace" or curl commands to diagnose the block.

Cloudflare Access Solutions

I’d suggest using the proper API endpoint with a server token or, if needed, leveraging their own browser cookie with the 'x-cf-turnstile-token' header. However, I need to be cautious about advising bypassing security measures. Instead, I'll recommend legitimate options like seeking API access or using official integrations.

Cloudflare Access Guidance

We shouldn't guide users on bypassing Cloudflare directly. I'll remind them not to share cookies as they can carry private tokens and suggest clearing sessions. My focus will remain on giving practical advice in a casual, helpful tone in Brazilian Portuguese. I'll also mention typical Cloudflare issues (like 1020 or 403 errors) and potential CORS concerns.

Cloudflare Header Advice

The issue seems to be server-side, requiring specific headers like 'application/json' rather than 'Accept: /'. Cloudflare blocks before the server can see the request, so header spoofing could trigger security measures. It's better to use minimal headers like 'content-type: application/json' and avoid client hint headers like 'sec-ch-ua.*'.

Analysing Cloudflare Block

Prováveis motivos (o mais comum e provavelmente o seu):

  1. Cookies não funcionarão via cURL — restritos por IP/UA, __cf_bm efêmero, cf_clearance expira rápido.
  2. Sec-ch-ua detectado; cabeçalhos precisam 'Accept-CH'.
  3. Faltam o token Turnstile/CSRF.
  4. Cabeçalhos ausentes podem gerar 403.

O que fazer (sem 'dar jeitinho' anti-bot):

  • Use endpoint oficial / solicite chave.
  • Faça chamadas via navegador, ou use SDK.
  • Se necessário com cURL, use sessão válida e token Turnstile.

Thought for 1m 35s

Trả lời

Resumo rápido: você está tentando chamar, via curl, um endpoint que foi feito para ser usado pelo front-end do site, protegido pela Cloudflare + autenticação (Clerk) + possivelmente Turnstile/WAF. Copiar cookies do navegador e simular headers de browser quase sempre cai no bot-detector da Cloudflare — por isso o bloqueio.

Aqui estão os motivos mais prováveis (no seu comando dá para ver vários sinais):

  1. Cookies inválidos fora do navegador
    __cf_bm e cf_clearance são temporários, atrelados ao IP/navegador/desafio recente. Reaproveitar esses valores em curl normalmente resulta em 403/1020.

  2. Faltam sinais do desafio (Turnstile/JS challenge)
    O front adiciona um token (p.ex. cf-turnstile-response) ou passa por um challenge que curl não executa. Sem isso, a regra do WAF barra o POST.

  3. Headers “de browser” inconsistentes
    Você está enviando sec-ch-ua*, priority, etc. Esses client hints são emitidos pelo Chrome sob condições específicas (negociação via Accept-CH). Em curl eles parecem falsos → aumenta a suspeita de automação.

  4. Autenticação/CSRF do app
    O endpoint parece exigir sessão do Clerk (arena-auth-prod-v1) e possivelmente um cabeçalho/CSRF que o front injeta. Só o cookie não basta.

  5. Content-Type divergente
    Você envia JSON, mas está usando content-type: text/plain;charset=UTF-8. Mesmo que passasse da Cloudflare, a aplicação poderia recusar o corpo.

O que fazer (sem “driblar” a proteção):

  • Use a API oficial (se existir) com chave/Authorization própria para uso server-side. Endpoints front-end protegidos por Cloudflare não são APIs públicas.
  • Chame pelo navegador (ou SDK do próprio site) como eles planejaram.
  • Fale com o suporte/admin do serviço e peça um fluxo de API programática (token estável, IPs permitidos, etc.).

Se ainda quiser diagnosticar por conta própria (seguro e ético):

  • Veja o status e quem respondeu:

    bash
    curl -i 'https://lmarena.ai/api/stream/create-evaluation' \
  -H 'content-type: application/json' \
  --data '{"ping":true}'

    Se vier Server: cloudflare e um cf-ray com 403/1020, é bloqueio do WAF/anti-bot.

  • Corrija o Content-Type se for JSON:
    -H 'content-type: application/json' (e mantenha o corpo como JSON válido).

  • Não envie headers sec-ch-ua*, priority, sec-fetch-*, origin/referer manualmente — isso piora o “fingerprint”.

⚠️ Importante: você colou cookies/sessão sensíveis (inclui cf_clearance, __cf_bm, arena-auth-prod-v1). Recomendo encerrar sessões/logins nesse site e limpar cookies para evitar uso indevido.

Se você me disser o código de status e os headers da resposta (sem reenviar cookies!), eu te digo exatamente qual regra está pegando (ex.: 1020 = WAF policy, 1010 = “bad browser”, etc.) e qual caminho correto seguir.

Câu hỏi

curl 'https://poe.com/api/gql_POST'
-H 'accept: /'
-H 'accept-language: pt-BR,pt;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6'
-H 'content-type: application/json'
-b 'p-b=cXWeil8gJ3zMpf2AuRFvQA%3D%3D; _gcl_au=1.1.946112759.1755265970; _fbp=fb.1.1755265970375.816893481298705391; poe-tchannel-channel=poe-chan102-8888-phrnrmpzrzgsiehansxx; __cf_bm=4GirQESqwXRNbnR9jFNQcD2nlVtD0lxwNUZJRZW8_5U-1755516717-1.0.1.1-ft6wqjCqM24342LtOwGtHj5zZ6QYXE5FTfSEVhJP_cnLaAm3_VBFpYFJNiwxMBCSLAuKM6IPWgT7ZbPcXyApK7dUZ8kejG58gIAwuNh8Nak; cf_clearance=CHYI0JQ0kRgXug8DkGDQpI.16prINUXlqiPR1Zet_fc-1755516717-1.2.1.1-c2p9GDlZPLIdHH7hrOK8BNNn4R1Scg6B3YhYI_XssDnE618FalQyMtSyb38XLY7aHl0AQtqIFPBc8ESAOHSvTatZDcA0MX5eogK_jLMVsben5j1nIPLi6v3DpgY4AJ.JLxApWP98_QI6rMsCZmiWM11Sjv_q5fzU3nEJXDsJOKU30M_oJTJ9Qag4_BaSSBX0ZItovin9tva9WoyySt93rcnrLYknO162tI2TdDMtz7k; OptanonConsent=isGpcEnabled=0&datestamp=Mon+Aug+18+2025+08%3A32%3A30+GMT-0300+(Hor%C3%A1rio+Padr%C3%A3o+de+Bras%C3%ADlia)&version=202405.1.0&browserGpcFlag=0&isIABGlobal=false&hosts=&landingPath=NotLandingPage&groups=C0001%3A1%2CC0003%3A1%2CC0004%3A1&AwaitingReconsent=false&geolocation=BR%3BSC; OptanonAlertBoxClosed=2025-08-18T11:32:30.014Z; p-sb=o'
-H 'origin: https://poe.com'
-H 'poe-formkey: 127b4aecc2ba9558f48107da73641d04'
-H 'poe-queryname: sendMessageMutation'
-H 'poe-revision: 203c03c68e500a5aa806ff20970fd69ee7f1e158'
-H 'poe-tag-id: 5cc2967da2f2720b174d90d963d88677'
-H 'poe-tchannel: poe-chan102-8888-phrnrmpzrzgsiehansxx'
-H 'poegraphql: 0'
-H 'priority: u=1, i'
-H 'referer: https://poe.com/GPT-5'
-H 'sec-ch-ua: "Not;A=Brand";v="99", "Microsoft Edge";v="139", "Chromium";v="139"'
-H 'sec-ch-ua-mobile: ?0'
-H 'sec-ch-ua-platform: "Windows"'
-H 'sec-fetch-dest: empty'
-H 'sec-fetch-mode: cors'
-H 'sec-fetch-site: same-origin'
-H 'user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0.0.0 Safari/537.36 Edg/139.0.0.0'
--data-raw '{"queryName":"sendMessageMutation","variables":{"chatId":null,"bot":"GPT-5","query":"Quatro cidades A, B, C e D estão ligadas por seis pontes distintas da seguinte maneira:\n\n \n\n– uma ponte liga A e B;\n\n– uma ponte liga A e C;\n\n– uma ponte liga B e C;\n\n– duas pontes ligam B e D;\n\n– uma ponte liga C e D.\n\n \n\nQuantos caminhos são possíveis ligando todas as cidades e passando por todas as pontes uma única vez, sabendo que é permitido passar em uma mesma cidade mais de uma vez?","source":{"sourceType":"chat_input","chatInputMetadata":{"useVoiceRecord":false}},"clientNonce":"YIX2WAhtVRTsyofZ","sdid":"52962349-086a-47b2-abe1-f880cc6b7b6a","attachments":[],"existingMessageAttachmentsIds":[],"shouldFetchChat":true,"referencedMessageId":null,"parameters":null,"fileHashJwts":[]},"extensions":{"hash":"c877ecaabad9cc7bf70f5aef44aafc65b0ac9b4b13abcc15464aee443d482f41"}}' e ele retorna vários 'receive-post', quero executar fora da front end, como? curl 'https://poe.com/api/receive_POST'
-H 'accept: /'
-H 'accept-language: pt-BR,pt;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6'
-H 'content-type: application/json'
-b 'p-b=cXWeil8gJ3zMpf2AuRFvQA%3D%3D; _gcl_au=1.1.946112759.1755265970; _fbp=fb.1.1755265970375.816893481298705391; poe-tchannel-channel=poe-chan102-8888-phrnrmpzrzgsiehansxx; __cf_bm=4GirQESqwXRNbnR9jFNQcD2nlVtD0lxwNUZJRZW8_5U-1755516717-1.0.1.1-ft6wqjCqM24342LtOwGtHj5zZ6QYXE5FTfSEVhJP_cnLaAm3_VBFpYFJNiwxMBCSLAuKM6IPWgT7ZbPcXyApK7dUZ8kejG58gIAwuNh8Nak; cf_clearance=CHYI0JQ0kRgXug8DkGDQpI.16prINUXlqiPR1Zet_fc-1755516717-1.2.1.1-c2p9GDlZPLIdHH7hrOK8BNNn4R1Scg6B3YhYI_XssDnE618FalQyMtSyb38XLY7aHl0AQtqIFPBc8ESAOHSvTatZDcA0MX5eogK_jLMVsben5j1nIPLi6v3DpgY4AJ.JLxApWP98_QI6rMsCZmiWM11Sjv_q5fzU3nEJXDsJOKU30M_oJTJ9Qag4_BaSSBX0ZItovin9tva9WoyySt93rcnrLYknO162tI2TdDMtz7k; OptanonConsent=isGpcEnabled=0&datestamp=Mon+Aug+18+2025+08%3A32%3A30+GMT-0300+(Hor%C3%A1rio+Padr%C3%A3o+de+Bras%C3%ADlia)&version=202405.1.0&browserGpcFlag=0&isIABGlobal=false&hosts=&landingPath=NotLandingPage&groups=C0001%3A1%2CC0003%3A1%2CC0004%3A1&AwaitingReconsent=false&geolocation=BR%3BSC; OptanonAlertBoxClosed=2025-08-18T11:32:30.014Z; p-sb=o'
-H 'origin: https://poe.com'
-H 'poe-formkey: 127b4aecc2ba9558f48107da73641d04'
-H 'poe-revision: 203c03c68e500a5aa806ff20970fd69ee7f1e158'
-H 'poe-tag-id: 4483ba3141d87bfd8fb2e61799446752'
-H 'priority: u=1, i'
-H 'referer: https://poe.com/chat/s7znce8sjupxvdx2wh'
-H 'sec-ch-ua: "Not;A=Brand";v="99", "Microsoft Edge";v="139", "Chromium";v="139"'
-H 'sec-ch-ua-mobile: ?0'
-H 'sec-ch-ua-platform: "Windows"'
-H 'sec-fetch-dest: empty'
-H 'sec-fetch-mode: cors'
-H 'sec-fetch-site: same-origin'
-H 'user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0.0.0 Safari/537.36 Edg/139.0.0.0'
--data-raw '[{"category":"poe/message_added_subscription_timer","data":{"messageId":424386855739,"deltas":[{"timeDelta":0,"sizeDelta":0,"deltaIdx":1373},{"timeDelta":73,"sizeDelta":9,"deltaIdx":1374},{"timeDelta":0,"sizeDelta":0,"deltaIdx":1375},{"timeDelta":68,"sizeDelta":13,"deltaIdx":1376},{"timeDelta":0,"sizeDelta":0,"deltaIdx":1377},{"timeDelta":66,"sizeDelta":19,"deltaIdx":1378},{"timeDelta":1,"sizeDelta":0,"deltaIdx":1379},{"timeDelta":64,"sizeDelta":18,"deltaIdx":1380},{"timeDelta":1,"sizeDelta":0,"deltaIdx":1381},{"timeDelta":81,"sizeDelta":24,"deltaIdx":1382},{"timeDelta":0,"sizeDelta":0,"deltaIdx":1383},{"timeDelta":74,"sizeDelta":13,"deltaIdx":1384},{"timeDelta":0,"sizeDelta":0,"deltaIdx":1385},{"timeDelta":64,"sizeDelta":13,"deltaIdx":1386},{"timeDelta":1,"sizeDelta":0,"deltaIdx":1387},{"timeDelta":75,"sizeDelta":15,"deltaIdx":1388},{"timeDelta":0,"sizeDelta":0,"deltaIdx":1389},{"timeDelta":65,"sizeDelta":11,"deltaIdx":1390},{"timeDelta":0,"sizeDelta":0,"deltaIdx":1391},{"timeDelta":70,"sizeDelta":18,"deltaIdx":1392},{"timeDelta":0,"sizeDelta":0,"deltaIdx":1393},{"timeDelta":66,"sizeDelta":5,"deltaIdx":1394},{"timeDelta":0,"sizeDelta":0,"deltaIdx":1395},{"timeDelta":66,"sizeDelta":14,"deltaIdx":1396},{"timeDelta":0,"sizeDelta":0,"deltaIdx":1397},{"timeDelta":53,"sizeDelta":23,"deltaIdx":1398},{"timeDelta":0,"sizeDelta":0,"deltaIdx":1399},{"timeDelta":81,"sizeDelta":18,"deltaIdx":1400},{"timeDelta":0,"sizeDelta":0,"deltaIdx":1401},{"timeDelta":84,"sizeDelta":16,"deltaIdx":1402},{"timeDelta":0,"sizeDelta":0,"deltaIdx":1403},{"timeDelta":51,"sizeDelta":12,"deltaIdx":1404},{"timeDelta":0,"sizeDelta":0,"deltaIdx":1405},{"timeDelta":74,"sizeDelta":21,"deltaIdx":1406},{"timeDelta":0,"sizeDelta":0,"deltaIdx":1407},{"timeDelta":63,"sizeDelta":10,"deltaIdx":1408},{"timeDelta":1,"sizeDelta":0,"deltaIdx":1409},{"timeDelta":52,"sizeDelta":14,"deltaIdx":1410},{"timeDelta":1,"sizeDelta":0,"deltaIdx":1411},{"timeDelta":84,"sizeDelta":4,"deltaIdx":1412},{"timeDelta":0,"sizeDelta":0,"deltaIdx":1413},{"timeDelta":61,"sizeDelta":7,"deltaIdx":1414},{"timeDelta":1,"sizeDelta":0,"deltaIdx":1415},{"timeDelta":70,"sizeDelta":4,"deltaIdx":1416},{"timeDelta":0,"sizeDelta":0,"deltaIdx":1417},{"timeDelta":65,"sizeDelta":10,"deltaIdx":1418},{"timeDelta":1,"sizeDelta":0,"deltaIdx":1419},{"timeDelta":68,"sizeDelta":12,"deltaIdx":1420},{"timeDelta":1,"sizeDelta":0,"deltaIdx":1421}]}},{"category":"poe/statsd_event","data":{"category":"count","key":"poe.message.heartbeat.complete","value":1,"extra_data":{"messageId":"424386855739"}}},{"category":"poe/statsd_event","data":{"category":"count","key":"poe.job.heartbeat.complete","value":1,"extra_data":{"jobId":"6576483100","heartbeatHistory":"sendMessage:not_started, jobStarted:not_started, jobUpdated:not_started, jobUpdated:running, jobUpdated:running, jobUpdated:running, jobUpdated:running, jobUpdated:running, jobUpdated:running, jobUpdated:running, jobUpdated:running, jobUpdated:running, jobUpdated:running, jobUpdated:running, jobUpdated:running, jobUpdated:running, jobUpdated:running, jobUpdated:running, jobUpdated:running, jobUpdated:running, jobUpdated:completed","source":"jobUpdated","jobState":"completed"}}},{"category":"poe/statsd_event","data":{"category":"time","key":"poe.speed.product.follow_up_action.item","value":231,"extra_data":{"followupAction":"SendMessageFollowupAction","messageId":424386855739,"index":0}}},{"category":"poe/statsd_event","data":{"category":"time","key":"poe.speed.product.follow_up_action.item","value":231,"extra_data":{"followupAction":"SendMessageFollowupAction","messageId":424386855739,"index":1}}},{"category":"poe/statsd_event","data":{"category":"time","key":"poe.speed.product.follow_up_action.item","value":231,"extra_data":{"followupAction":"SendMessageFollowupAction","messageId":424386855739,"index":2}}},{"category":"poe/statsd_event","data":{"category":"time","key":"poe.speed.product.follow_up_action.item","value":231,"extra_data":{"followupAction":"SendMessageFollowupAction","messageId":424386855739,"index":3}}},{"category":"poe/statsd_event","data":{"category":"time","key":"poe.speed.product.follow_up_action.item","value":1341,"extra_data":{"followupAction":"SendMessageFollowupAction","messageId":424386855739,"index":4}}},{"category":"poe/statsd_event","data":{"category":"time","key":"poe.speed.product.follow_up_action.item","value":1554,"extra_data":{"followupAction":"SendMessageFollowupAction","messageId":424386855739,"index":5}}},{"category":"poe/statsd_event","data":{"category":"time","key":"poe.speed.product.follow_up_action.item","value":1690,"extra_data":{"followupAction":"SendMessageFollowupAction","messageId":424386855739,"index":6}}}]'

Suy nghĩ

Answering the user request

The user wants to execute outside the frontend using curl with gql_POST, which is part of the Poe frontend system. I'll explain how Poe uses session tokens and cookies with receive_POST to push updates, and note that replicating this can be unstable and may violate ToS. Instead, I'll focus on using the official Poe API with a key for external apps. I'll also provide a small curl example for the official endpoint.

Thought for 1m 44s

Trả lời

Curto e direto: esses endpoints (/api/gql_POST, /api/receive_POST) são endpoints internos do front-end do Poe. Eles exigem sessão do navegador (cookies p-b, poe-tchannel, poe-formkey, etc.), passam por checks do Cloudflare e por um canal de eventos próprio. Fora do front, isso quebra ou vira um jogo infinito de “receive-post”. A forma correta de “rodar fora do front-end” é usar a API oficial do Poe para apps externos — que é compatível com o formato da OpenAI, tem chave própria e não requer nenhum header/cookie do navegador. (creator.poe.com)

Como fazer do jeito suportado

  1. Pegue sua API key (no Poe) e use a base https://api.poe.com/v1.
  2. Faça requisições no formato OpenAI /v1/chat/completions com Authorization: Bearer <POE_API_KEY>. Exemplo mínimo:
bash
curl "https://api.poe.com/v1/chat/completions" \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer $POE_API_KEY" \
  -d '{
    "model": "Claude-Sonnet-4",  // nome do bot/modelo no Poe
    "messages": [
      {"role": "user", "content": "Escreva um haicai sobre pontes."}
    ]
  }'

Para streaming, envie "stream": true (e no curl use --no-buffer), exatamente como nos exemplos oficiais. (creator.poe.com)

  1. Se quiser integrar mais profundamente (webhook/servidor recebendo chamadas do Poe), use o “Server Bots” com a lib oficial fastapi_poe (o Poe chama seu endpoint com Authorization: Bearer <access_key>). É um fluxo suportado e estável. (GitHub, creator.poe.com)

  2. A doc de External Applications explica como usar a API do Poe fora do cliente (IDE, scripts, etc.) — é justamente o seu caso. (creator.poe.com)

Por que seu curl atual não é confiável

  • Tokens/cookies efêmeros (p-b, poe-formkey, cf_clearance, __cf_bm) amarrados ao navegador/IP e a desafios da Cloudflare → instáveis no curl.
  • Canal de eventos do front (receive_POST) é para atualizações incrementais da UI, não é uma API pública.
  • Simular headers de browser (sec-ch-ua*, sec-fetch-*, etc.) fora do contexto certo piora o fingerprint e ativa o WAF.
    Tudo isso é comportamento esperado do front, não um caminho de API. (creator.poe.com)

⚠️ Você colou cookies/tokens sensíveis (inclui cf_clearance, p-b). Recomendo encerrar a sessão no Poe e limpar cookies para prevenir uso indevido.

Se quiser, eu te passo um exemplo completo (Python/Node) usando a API compatível com OpenAI do Poe e o nome de bot/modelo que você pretende chamar (ex.: “GPT-4o”, “Claude-Sonnet-4”, “Grok-4”, etc.). É plug-and-play. (creator.poe.com)

Chia sẻ Q&A này