php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #77296 411 Content Length Required on OAuth calls
Submitted: 2018-12-13 22:08 UTC Modified: 2018-12-13 22:09 UTC
Votes:1
Avg. Score:4.0 ± 0.0
Reproduced:1 of 1 (100.0%)
Same Version:0 (0.0%)
Same OS:1 (100.0%)
From: jakechapa at gmail dot com Assigned:
Status: Open Package: oauth (PECL)
PHP Version: 7.0.33 OS: Ubuntu 16.04 LTS
Private report: No CVE-ID: None
 [2018-12-13 22:08 UTC] jakechapa at gmail dot com
Description:
------------
It looks like some Oauth libraries (Etsy, Twitter, etc) are now requiring a "Content-Length" header for OAUTH requests. See here for the same bug on Twitter:
https://twittercommunity.com/t/411-length-required-for-https-api-twitter-com-oauth-request-token/1270

Here's my result on Etsy's API:

["headers_sent"]=>
  string(506) "POST /v2/oauth/request_token?scope=email_r+transactions_r+shops_rw HTTP/1.1
Host: openapi.etsy.com
User-Agent: PECL-OAuth/2.0.3-dev
Accept: */*
Authorization: OAuth oauth_callback="https%3A%2F%2F107736632647174.etsythemeshop.com%2Fcontroller%2Fadmin%2FWPSetup%2FonOAuthDone",oauth_consumer_key="emt8n1w5dda7qdq7vwypzlqe",oauth_signature_method="HMAC-SHA1",oauth_nonce="2867605115c12d6b5655634.83358354",oauth_timestamp="1544738485",oauth_version="1.0",oauth_signature="AS2eKK%2BE5bGGVIz7mf4dTUcdFFE%3D""
  
["headers_recv"]=>
  string(323) "HTTP/1.1 411 Length Required
Content-Type: text/html; charset=UTF-8
Referrer-Policy: no-referrer
Content-Length: 1564
Accept-Ranges: bytes
Date: Thu, 13 Dec 2018 22:01:25 GMT
Via: 1.1 varnish
Connection: keep-alive
X-Served-By: cache-dfw18623-DFW
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1544738485.449382,VS0,VE1"

Test script:
---------------
$this->oauth = $oauth = new OAuth($your['key'], $your['secret']);
$oauth->enableDebug();

// 411 error
$req_token = $oauth->getRequestToken($this->sy->base_url . "oauth/request_token?scope=" . urlencode($perms), $callback);


Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2018-12-13 22:09 UTC] jakechapa at gmail dot com
Description:
------------
It looks like some Oauth libraries (Etsy, Twitter, etc) are now requiring a "Content-Length" header for OAUTH requests. See here for the same bug on Twitter:
https://twittercommunity.com/t/411-length-required-for-https-api-twitter-com-oauth-request-token/1270

Here's my result on Etsy's API:

["headers_sent"]=>
  string(506) "POST /v2/oauth/request_token?scope=email_r+transactions_r+shops_rw HTTP/1.1
Host: openapi.etsy.com
User-Agent: PECL-OAuth/2.0.3-dev
Accept: */*
Authorization: OAuth oauth_callback="https%3A%2F%2F107736632647174.etsythemeshop.com%2Fcontroller%2Fadmin%2FWPSetup%2FonOAuthDone",oauth_consumer_key="MY_KEY",oauth_signature_method="HMAC-SHA1",oauth_nonce="2867605115c12d6b5655634.83358354",oauth_timestamp="1544738485",oauth_version="1.0",oauth_signature="AS2eKK%2BE5bGGVIz7mf4dTUcdFFE%3D""
  
["headers_recv"]=>
  string(323) "HTTP/1.1 411 Length Required
Content-Type: text/html; charset=UTF-8
Referrer-Policy: no-referrer
Content-Length: 1564
Accept-Ranges: bytes
Date: Thu, 13 Dec 2018 22:01:25 GMT
Via: 1.1 varnish
Connection: keep-alive
X-Served-By: cache-dfw18623-DFW
X-Cache: MISS
X-Cache-Hits: 0
X-Timer: S1544738485.449382,VS0,VE1"

Test script:
---------------
$this->oauth = $oauth = new OAuth($your['key'], $your['secret']);
$oauth->enableDebug();

// 411 error
$req_token = $oauth->getRequestToken($this->sy->base_url . "oauth/request_token?scope=" . urlencode($perms), $callback);
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Thu Nov 21 23:01:29 2024 UTC