PHP :: Request #59229 :: Add User-Agent header to requests

Request #59229	Add User-Agent header to requests
Submitted:	2010-05-25 01:55 UTC	Modified:	2010-05-27 20:22 UTC
From:	jeff at digg dot com	Assigned:
Status:	Closed	Package:	oauth (PECL)
PHP Version:	5.2.4	OS:
Private report:	No	CVE-ID:	None

View Add Comment Developer Edit

Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.

php.net Username: php.net Password:

	Block user comment
Status:		Assign to:
Package:
Bug Type:
Summary:
From:	jeff at digg dot com
New email:
PHP Version:		OS:

New/Additional Comment:

[2010-05-25 01:55 UTC] jeff at digg dot com

Description:
------------
Hellos, I have a simple feature request.  I'd like to be able 
to have a User-Agent header set on getRequestToken() and 
getAccessToken() calls.  I know you could do it manually via 
fetch(), but I think one set by default would be nice.

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports

[2010-05-25 01:57 UTC] rasmus@php.net

Is the lack of a UserAgent header what is causing the Digg API 
to just sit there and do nothing?

[2010-05-25 02:06 UTC] jeff at digg dot com

It seems so. I am looking into it now.  I know we require it 
for all API requests.  (others give the proper error message 
when a User-Agent isn't supplied, but there seems to be a bug 
with this one)

Regarding the other issue. I am making the change to allow GET 
for request/access token requests.

[2010-05-25 02:16 UTC] rasmus@php.net

pecl/oauth can send request_token requests with a POST quite 
nicely.  I don't see anything wrong with requiring a POST 
there, but yes, some decent error messages would be preferable 
to just hanging indefinitely when things go wrong.

[2010-05-25 02:44 UTC] jawed@php.net

Tied to bug 17533.

[2010-05-25 03:34 UTC] rasmus@php.net

I have added a user-agent now.  The Digg end-point no longer 
hangs, but I get an invalid signature now.  Would be cool if 
you guys would support the OAuth ProblemReporting extension 
and spew out what you are signing.

[2010-05-25 09:04 UTC] datibbaw@php.net

I have an idea why this happens. It seems that the provider of Digg expects the full request token uri to be part of the SBS; this is wrong according to the specs:

9.1.2.  Construct Request URL
"The URL used in the Signature Base String MUST include the scheme, authority, and path, and MUST exclude the query and fragment"

[2010-05-25 09:30 UTC] datibbaw@php.net

It's confirmed:

With an SBS like this, it works:
"POST&http%3A%2F%2Fservices.digg.com%2F1.0%2Fendpoint%3Fmethod%3Doauth.getRequestToken&oauth_consumer_key%3De2bf8b91c0439e0da94208d665e9791e%26oauth_nonce%3D950316369%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1274794087%26oauth_version%3D1.0"

However, this is not according to the OAuth specs, and it should be fixed on Digg's side.

[2010-05-27 20:07 UTC] datibbaw@php.net

Checked this morning and it seems to work okay now, without any changes to the code.

Seems that Digg made the fix? ;-)

[2010-05-27 20:21 UTC] jeff at digg dot com

Correct, this is fixed on Digg's side now.  May I note that it 
would be nice to see a user-agent header added! :D

[2010-05-27 20:22 UTC] rasmus@php.net

It was added a couple of days ago.

	php.net \| support \| documentation \| report a bug \| advanced search \| search howto \| statistics \| random bug \| login
go to bug id or search bugs for


Copyright © 2001-2023 The PHP Group All rights reserved.	Last updated: Wed Jun 07 10:03:41 2023 UTC