Page MenuHomePhabricator

www.googleapis.com refuses GET with Content-Length
Closed, WontfixPublic

Description

When a user is authenticating with its Google account, the following error can be observed:

[HTTP/400]
<!DOCTYPE html>
<html lang=en>
  <meta charset=utf-8>
  <meta name=viewport content="initial-scale=1, minimum-scale=1, width=device-width">
  <title>Error 400 (Bad Request)!!1</title>
  <style>
    *{margin:0;padding:0}html,code{font:15px/22px arial,sans-serif}html{background:#fff;color:#222;padding:15px}body{margin:7% auto 0;max-width:390px;min-height:180px;padding:30px 0 15px}* > body{background:url(//www.google.com/images/errors/robot.png) 100% 5px no-repeat;padding-right:205px}p{margin:11px 0 22px;overf...

Query made by phabricator is the following:

GET /plus/v1/people/me?access_token=***MASKED*** HTTP/1.1
Host: www.googleapis.com
Accept: */*
Content-Length: 6
Content-Type: application/x-www-form-urlencoded

Content-Length is provided even if no body is present in the query. www.googleapis.com is not accepting it there is no HTTP body, which is conform with RFC 2616:

http://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html#sec4.4

Messages MUST NOT include both a Content-Length header field and a non-identity transfer-coding. If the message does include a non- identity transfer-coding, the Content-Length MUST be ignored.

This can be observed on https://phab.enlightenment.org/auth/ today.

Event Timeline

beber updated the task description. (Show Details)
beber added a project: libphutil.
beber added a subscriber: beber.

Can you show me the output of these commands on the server?

Run this one anywhere:

anywhere/ $ php -r 'var_dump(curl_version());'

...and, from libphutil/:

libphutil/ $ git show
$ php -r 'var_dump(curl_version());'
array(9) {
  ["version_number"]=>
  int(469760)
  ["age"]=>
  int(3)
  ["features"]=>
  int(575005)
  ["ssl_version_number"]=>
  int(0)
  ["version"]=>
  string(6) "7.43.0"
  ["host"]=>
  string(19) "x86_64-pc-linux-gnu"
  ["ssl_version"]=>
  string(14) "OpenSSL/1.0.2d"
  ["libz_version"]=>
  string(5) "1.2.8"
  ["protocols"]=>
  array(16) {
    [0]=>
    string(4) "dict"
    [1]=>
    string(4) "file"
    [2]=>
    string(3) "ftp"
    [3]=>
    string(4) "ftps"
    [4]=>
    string(6) "gopher"
    [5]=>
    string(4) "http"
    [6]=>
    string(5) "https"
    [7]=>
    string(4) "imap"
    [8]=>
    string(5) "imaps"
    [9]=>
    string(4) "pop3"
    [10]=>
    string(5) "pop3s"
    [11]=>
    string(4) "rtsp"
    [12]=>
    string(4) "smtp"
    [13]=>
    string(5) "smtps"
    [14]=>
    string(6) "telnet"
    [15]=>
    string(4) "tftp"
  }
}
$ git show
commit 367fadac24f24b826820e2fadced34b21cfff9ef
Merge: 4348cea d0105f1
Author: epriestley <git@epriestley.com>
Date:   Sat Oct 3 05:09:03 2015 -0700

    (stable) Promote 2015 Week 40

You have a version of cURL which has a bug with Content-Length (see T8654 for discussion), but your version of libphutil should include a workaround, so I'm not sure what's up. I can't reproduce this problem on this server.

Maybe you haven't restarted apache/php-fpm after updating past rPHUe9fea5c64c0c?

Right .. with 7.42.1 it's now OK.

epriestley claimed this task.

I'm not sure why our workaround for this in rPHUe9fea5c64c0c wouldn't work for you, but it seems to work for other people so I'm going to chalk this up to something else in your environment until we see more reports.