Update: So I managed to get some cookies by parsing the login page with Xpath and sending a POST request, but they don’t seem to be the right kind, as trying to upvote posts with them passed in header results in 403 Forbidden.
The good thing is, we all can sleep safely knowing, that Derpibooru is secure as fuck. Or at least secure enough for me to not be able to do anything besides what the public API allows.
The bad thing is, well, I’m not able to do anything besides what the public API allows. And it’s pretty much limited to fetching stuff only, so no upvoting, no downvoting, no adding to favourites, nothing of the sorts.