patch request

rbx_asset/src/cookie.rs

@@ -310,7 +310,7 @@ pub struct UserInventoryPageResponse{
 pub enum SetAssetsPermissionsError{
 	Parse(url::ParseError),
 	JSONEncode(serde_json::Error),
-	Post(PostError),
+	Patch(PostError),
 	Response(ResponseError),
 	Reqwest(reqwest::Error),
 }
@@ -411,6 +411,27 @@ impl Context{
 
 		Ok(resp)
 	}
+	async fn patch(&self,url:url::Url,body:impl Into<reqwest::Body>+Clone)->Result<reqwest::Response,PostError>{
+		let mut resp=self.client.patch(url.clone())
+		.header("Cookie",self.cookie.as_str())
+		.body(body.clone())
+		.send().await.map_err(PostError::Reqwest)?;
+
+		//This is called a CSRF challenge apparently
+		if resp.status()==reqwest::StatusCode::FORBIDDEN{
+			if let Some(csrf_token)=resp.headers().get("X-CSRF-Token"){
+				resp=self.client.patch(url)
+				.header("X-CSRF-Token",csrf_token)
+				.header("Cookie",self.cookie.as_str())
+				.body(body)
+				.send().await.map_err(PostError::Reqwest)?;
+			}else{
+				Err(PostError::CSRF)?;
+			}
+		}
+
+		Ok(resp)
+	}
 	pub async fn create(&self,config:CreateRequest,body:impl Into<reqwest::Body>+Clone)->Result<UploadResponse,CreateError>{
 		let mut url=reqwest::Url::parse("https://data.roblox.com/Data/Upload.ashx?json=1&type=Model&genreTypeId=1").map_err(CreateError::ParseError)?;
 		//url borrow scope
@@ -622,7 +643,7 @@ impl Context{
 		let body=config.serialize().map_err(SetAssetsPermissionsError::JSONEncode)?;
 
 		response_ok(
-			self.post(url,body).await.map_err(SetAssetsPermissionsError::Post)?
+			self.patch(url,body).await.map_err(SetAssetsPermissionsError::Patch)?
 		).await.map_err(SetAssetsPermissionsError::Response)?;
 
 		Ok(())