|  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Request #59229 Add User-Agent header to requests
Submitted: 2010-05-25 01:55 UTC Modified: 2010-05-27 20:22 UTC
From: jeff at digg dot com Assigned:
Status: Closed Package: oauth (PECL)
PHP Version: 5.2.4 OS:
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
Block user comment
Status: Assign to:
Bug Type:
From: jeff at digg dot com
New email:
PHP Version: OS:


 [2010-05-25 01:55 UTC] jeff at digg dot com
Hellos, I have a simple feature request.  I'd like to be able 
to have a User-Agent header set on getRequestToken() and 
getAccessToken() calls.  I know you could do it manually via 
fetch(), but I think one set by default would be nice.


Add a Patch

Pull Requests

Add a Pull Request


AllCommentsChangesGit/SVN commitsRelated reports
 [2010-05-25 01:57 UTC]
Is the lack of a UserAgent header what is causing the Digg API 
to just sit there and do nothing?
 [2010-05-25 02:06 UTC] jeff at digg dot com
It seems so. I am looking into it now.  I know we require it 
for all API requests.  (others give the proper error message 
when a User-Agent isn't supplied, but there seems to be a bug 
with this one)

Regarding the other issue. I am making the change to allow GET 
for request/access token requests.
 [2010-05-25 02:16 UTC]
pecl/oauth can send request_token requests with a POST quite 
nicely.  I don't see anything wrong with requiring a POST 
there, but yes, some decent error messages would be preferable 
to just hanging indefinitely when things go wrong.
 [2010-05-25 02:44 UTC]
Tied to bug 17533.
 [2010-05-25 03:34 UTC]
I have added a user-agent now.  The Digg end-point no longer 
hangs, but I get an invalid signature now.  Would be cool if 
you guys would support the OAuth ProblemReporting extension 
and spew out what you are signing.
 [2010-05-25 09:04 UTC]
I have an idea why this happens. It seems that the provider of Digg expects the full request token uri to be part of the SBS; this is wrong according to the specs:

9.1.2.  Construct Request URL
"The URL used in the Signature Base String MUST include the scheme, authority, and path, and MUST exclude the query and fragment"
 [2010-05-25 09:30 UTC]
It's confirmed:

With an SBS like this, it works:

However, this is not according to the OAuth specs, and it should be fixed on Digg's side.
 [2010-05-27 20:07 UTC]
Checked this morning and it seems to work okay now, without any changes to the code.

Seems that Digg made the fix? ;-)
 [2010-05-27 20:21 UTC] jeff at digg dot com
Correct, this is fixed on Digg's side now.  May I note that it 
would be nice to see a user-agent header added! :D
 [2010-05-27 20:22 UTC]
It was added a couple of days ago.
PHP Copyright © 2001-2023 The PHP Group
All rights reserved.
Last updated: Wed Jun 07 10:03:41 2023 UTC