I didn't understand what you told me about the content/headers stuff.
That's why I pointed out the distinction between data conveyed in the header and data conveyed in the content/body.
IF you want to mimic the form submission, you must not transfer the data in the header - no browser does that!
Perhaps, the csrf_token might need to be transferred with the header but that is surely defined in the fine API documentation, right?
I GUESS, you need something like this:
#-- everything from the FORM here (nerver use colons here):
my@form_fields= ( csrf_token => $csrf_token,
#-- above looks right, according to form example
subscribees => "$name <$email
+>",
setmemberopts_btn => 'Submit Your C
+hanges',
send_notifications_to_list_owner" => "1"
);
#-- read the API-doc: IF the csrf_token is required in the header
# (use colons to prevent canonicalisation):
my @headers = ( ':csrf_token' => $csrf_token,
':member_verbosity_threshold' => 0,
'User-Agent' => 'Mozilla/5.0'
);
my $res = $ua->request(POST $_[0],
@headers,
Content => \@form_fields
);
Regarding the lifetime expiration: Of course, you must provide the currently valid csrf_token.
I hope, running this application is in accordance with laws and terms of use...