PHP :: Request #59229 :: Add User-Agent header to requests

Request #59229	Add User-Agent header to requests
Submitted:	2010-05-25 01:55 UTC	Modified:	2010-05-27 20:22 UTC
From:	jeff at digg dot com	Assigned:
Status:	Closed	Package:	oauth (PECL)
PHP Version:	5.2.4	OS:
Private report:	No	CVE-ID:	None

View Developer Edit

Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.

Password:

Status:
Package:
Bug Type:
Summary:
From:	jeff at digg dot com
New email:
PHP Version:		OS:

New Comment:

[2010-05-25 01:55 UTC] jeff at digg dot com

Description:
------------
Hellos, I have a simple feature request.  I'd like to be able 
to have a User-Agent header set on getRequestToken() and 
getAccessToken() calls.  I know you could do it manually via 
fetch(), but I think one set by default would be nice.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports

[2010-05-25 01:57 UTC] rasmus@php.net

Is the lack of a UserAgent header what is causing the Digg API 
to just sit there and do nothing?

[2010-05-25 02:06 UTC] jeff at digg dot com

It seems so. I am looking into it now.  I know we require it 
for all API requests.  (others give the proper error message 
when a User-Agent isn't supplied, but there seems to be a bug 
with this one)

Regarding the other issue. I am making the change to allow GET 
for request/access token requests.

[2010-05-25 02:16 UTC] rasmus@php.net

pecl/oauth can send request_token requests with a POST quite 
nicely.  I don't see anything wrong with requiring a POST 
there, but yes, some decent error messages would be preferable 
to just hanging indefinitely when things go wrong.

[2010-05-25 02:44 UTC] jawed@php.net

Tied to bug 17533.

[2010-05-25 03:34 UTC] rasmus@php.net

I have added a user-agent now.  The Digg end-point no longer 
hangs, but I get an invalid signature now.  Would be cool if 
you guys would support the OAuth ProblemReporting extension 
and spew out what you are signing.

[2010-05-25 09:04 UTC] datibbaw@php.net

I have an idea why this happens. It seems that the provider of Digg expects the full request token uri to be part of the SBS; this is wrong according to the specs:

9.1.2.  Construct Request URL
"The URL used in the Signature Base String MUST include the scheme, authority, and path, and MUST exclude the query and fragment"

[2010-05-25 09:30 UTC] datibbaw@php.net

It's confirmed:

With an SBS like this, it works:
"POST&http%3A%2F%2Fservices.digg.com%2F1.0%2Fendpoint%3Fmethod%3Doauth.getRequestToken&oauth_consumer_key%3De2bf8b91c0439e0da94208d665e9791e%26oauth_nonce%3D950316369%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1274794087%26oauth_version%3D1.0"

However, this is not according to the OAuth specs, and it should be fixed on Digg's side.

[2010-05-27 20:07 UTC] datibbaw@php.net

Checked this morning and it seems to work okay now, without any changes to the code.

Seems that Digg made the fix? ;-)

[2010-05-27 20:21 UTC] jeff at digg dot com

Correct, this is fixed on Digg's side now.  May I note that it 
would be nice to see a user-agent header added! :D

[2010-05-27 20:22 UTC] rasmus@php.net

It was added a couple of days ago.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2025 The PHP Group All rights reserved.	Last updated: Sun May 11 04:01:27 2025 UTC