|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #58588 Empty "Expect" header required for OAUTH_AUTH_TYPE_FORM
Submitted: 2009-03-19 08:22 UTC Modified: 2009-04-01 10:41 UTC
From: mail at sumeet dot info Assigned:
Status: Closed Package: oauth (PECL)
PHP Version: 5_2 CVS-2009-03-19 (dev) OS: RHEL 4
Private report: No CVE-ID: None
 [2009-03-19 08:22 UTC] mail at sumeet dot info
Tried out pecl/oauth today to use with Twitter's APIs - works great for GET requests!

For POSTs, however (when OAUTH_AUTH_TYPE_FORM auth_type is used), Twitter's servers give a "417 Expectation Failed" error, since cURL sets the "Expect: 100-continue" request header for POSTs, which is rejected by Twitter. See <>.

To fix this, can you set an empty Expect header while using cURL on line 570 of <>, please?

Thanks a lot!

Reproduce code:
define('TWITTER_API_URL', '');
try {
    /* initialize */
    $request_token_info = unserialize(file_get_contents(TWITTER_OAUTH_RESPONSE_FILE)); // stored when we got the request token
    /* set our request token information for fetching the access token */
    $o->setToken($request_token_info["oauth_token"], $request_token_info["oauth_token_secret"]);
    $tweet = array('status' => urlencode('This tweet is courtesy of OAuth awesomeness.'));
    $status = $o->fetch(TWITTER_API_URL, $tweet);
    $response_info = $o->getLastResponseInfo();
    header("Content-Type: {$response_info["content_type"]}");
    echo $o->getLastResponse();
} catch(Exception $E) {
        echo "Error: [".$E->errorMessage."]<br>\n";
        echo "Response: [".$E->lastResponse."]<br>\n";

Expected result:
Twitter status gets updated.

Actual result:
HTTP status 417 Expectation Failed


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2009-03-25 05:47 UTC] tjerk dot meesters at gmail dot com
Hi guys,

This can be easily solved by adding this snippet of code inside the conditional of OAUTH_AUTH_TYPE_FORM:

auth_header = curl_slist_append(auth_header,"Expect:");
curl_easy_setopt(curl, CURLOPT_HTTPHEADER,auth_header);

This removed the Expect header, which seems quite useless here anyway.
 [2009-04-01 10:24 UTC] tjerk dot meesters at gmail dot com
Seems to have been resolved not too long ago ;-)
 [2009-04-01 10:41 UTC]
Yes, it was fixed in CVS and then in pecl/oauth-0.99.3.
PHP Copyright © 2001-2023 The PHP Group
All rights reserved.
Last updated: Fri Jun 09 11:03:41 2023 UTC