php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #58588 Empty "Expect" header required for OAUTH_AUTH_TYPE_FORM
Submitted: 2009-03-19 08:22 UTC Modified: 2009-04-01 10:41 UTC
From: mail at sumeet dot info Assigned:
Status: Closed Package: oauth (PECL)
PHP Version: 5_2 CVS-2009-03-19 (dev) OS: RHEL 4
Private report: No CVE-ID: None
 [2009-03-19 08:22 UTC] mail at sumeet dot info
Description:
------------
Tried out pecl/oauth today to use with Twitter's APIs - works great for GET requests!

For POSTs, however (when OAUTH_AUTH_TYPE_FORM auth_type is used), Twitter's servers give a "417 Expectation Failed" error, since cURL sets the "Expect: 100-continue" request header for POSTs, which is rejected by Twitter. See <http://paininthetech.com/2008/12/29/php-curl-disable-100-continue-expectation>.

To fix this, can you set an empty Expect header while using cURL on line 570 of <http://cvs.php.net/viewvc.cgi/pecl/oauth/oauth.c?revision=1.21&view=markup>, please?

Thanks a lot!

Reproduce code:
---------------
<?php
require('config.inc');
define('TWITTER_API_URL', 'http://twitter.com/statuses/update.xml');
try {
    /* initialize */
    $o = new OAuth(TWITTER_OAUTH_CONSUMER_KEY, TWITTER_OAUTH_CONSUMER_SECRET, OAUTH_SIG_METHOD_HMACSHA1, OAUTH_AUTH_TYPE_FORM);
    $request_token_info = unserialize(file_get_contents(TWITTER_OAUTH_RESPONSE_FILE)); // stored when we got the request token
    /* set our request token information for fetching the access token */
    $o->setToken($request_token_info["oauth_token"], $request_token_info["oauth_token_secret"]);
    $tweet = array('status' => urlencode('This tweet is courtesy of OAuth awesomeness.'));
    $status = $o->fetch(TWITTER_API_URL, $tweet);
    var_dump($status);
    $response_info = $o->getLastResponseInfo();
    var_dump($response_info);
    header("Content-Type: {$response_info["content_type"]}");
    echo $o->getLastResponse();
} catch(Exception $E) {
        echo "Error: [".$E->errorMessage."]<br>\n";
        echo "Response: [".$E->lastResponse."]<br>\n";
        exit;
}


Expected result:
----------------
Twitter status gets updated.

Actual result:
--------------
HTTP status 417 Expectation Failed

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2009-03-25 05:47 UTC] tjerk dot meesters at gmail dot com
Hi guys,

This can be easily solved by adding this snippet of code inside the conditional of OAUTH_AUTH_TYPE_FORM:

auth_header = curl_slist_append(auth_header,"Expect:");
curl_easy_setopt(curl, CURLOPT_HTTPHEADER,auth_header);

This removed the Expect header, which seems quite useless here anyway.
 [2009-04-01 10:24 UTC] tjerk dot meesters at gmail dot com
Seems to have been resolved not too long ago ;-)
 [2009-04-01 10:41 UTC] jawed@php.net
Yes, it was fixed in CVS and then in pecl/oauth-0.99.3.
 
PHP Copyright © 2001-2021 The PHP Group
All rights reserved.
Last updated: Sat Sep 18 15:03:37 2021 UTC