Error 500 when receiving Expect header

Open vcampitelli opened this issue 1 year ago • 0 comments

What happened?

Scenario

This simple PHP cURL request to the API causes error 500.

<?php
$curl = curl_init();
curl_setopt_array($curl, [
    CURLOPT_URL => 'http://localhost:9011/api/logout',
    CURLOPT_POST => true,
    CURLOPT_HEADER => true,
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_VERBOSE => true,
]);
echo curl_exec($curl);

This happens because PHP will send an Expect: 100-continue, as described here.

Replicate via terminal

You can replicate it on a terminal by running:

curl -v -H "Expect: 100-continue" -d " " "localhost:9011/api/logout"

Endpoints

I tested with /api/login, /api/logout and several other endpoints.

Side effects

Someone could spam

What did I expect?

Probably an HTTP 400 Bad Request and no stack traces being logged.

Logs

To help with future searches, here's what is being logged:

PM ERROR org.primeframework.mvc.PrimeMVCRequestHandler - Error encountered
org.primeframework.mvc.validation.ValidationException: null
	at org.primeframework.mvc.content.DefaultContentWorkflow.validateContentType(DefaultContentWorkflow.java:94)
	at org.primeframework.mvc.content.DefaultContentWorkflow.perform(DefaultContentWorkflow.java:66)
	at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:50)
	at org.primeframework.mvc.parameter.DefaultParameterWorkflow.perform(DefaultParameterWorkflow.java:58)
	at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:50)
	at org.primeframework.mvc.parameter.DefaultURIParameterWorkflow.perform(DefaultURIParameterWorkflow.java:92)
	at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:50)
	at org.primeframework.mvc.scope.DefaultScopeRetrievalWorkflow.perform(DefaultScopeRetrievalWorkflow.java:50)
	at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:50)
	at org.primeframework.mvc.action.DefaultActionMappingWorkflow.perform(DefaultActionMappingWorkflow.java:119)
	at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:50)
	at org.primeframework.mvc.security.DefaultSavedRequestWorkflow.perform(DefaultSavedRequestWorkflow.java:65)
	at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:50)
	at org.primeframework.mvc.cors.CORSRequestWorkflow.perform(CORSRequestWorkflow.java:65)
	at org.primeframework.mvc.workflow.SubWorkflowChain.continueWorkflow(SubWorkflowChain.java:50)
	at org.primeframework.mvc.workflow.DefaultMVCWorkflow.perform(DefaultMVCWorkflow.java:108)
	at org.primeframework.mvc.PrimeMVCRequestHandler.handle(PrimeMVCRequestHandler.java:73)
	at io.fusionauth.http.server.HTTPWorker.run(HTTPWorker.java:50)
	at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:539)
	at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136)
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
	at java.base/java.lang.Thread.run(Thread.java:833)

Version

1.48.3

Affects Versions

No response

vcampitelli, Feb 14 '24 13:02
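A regression check for the behaviour reported above, added here as an example; it is not part of the original issue or of FusionAuth's code. It sends the same POST with `Expect: 100-continue`, skips any interim `100 Continue` response, and flags a 5xx final status. The function names (`split_statuses`, `check`, `probe`) and both sample responses are constructed for illustration.

```python
import socket

# Constructed sample responses (not captured from a real FusionAuth server).
SAMPLE_500 = b"HTTP/1.1 500 Internal Server Error\r\nContent-Length: 0\r\n\r\n"
SAMPLE_400 = (b"HTTP/1.1 100 Continue\r\n\r\n"
              b"HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\n\r\n")

def split_statuses(raw: bytes):
    """Return (interim_1xx_codes, final_code) from a raw HTTP/1.1 response stream."""
    interim, rest = [], raw
    while True:
        head, _, rest = rest.partition(b"\r\n\r\n")
        parts = head.split(b"\r\n", 1)[0].decode("ascii", "replace").split(" ", 2)
        if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
            raise ValueError(f"no final status line in response: {head[:40]!r}")
        code = int(parts[1])
        if 100 <= code < 200 and code != 101:
            interim.append(code)  # 1xx responses carry no body; the next status line follows
            continue
        return interim, code

def check(raw: bytes) -> str:
    """'fail' if the Expect request ended in a 5xx, otherwise 'ok'."""
    _, code = split_statuses(raw)
    return "fail" if code >= 500 else "ok"

def probe(host: str, port: int, path: str, body: bytes = b" ") -> bytes:
    """Send the issue's request (POST with Expect: 100-continue) and return the raw reply."""
    head = (f"POST {path} HTTP/1.1\r\nHost: {host}:{port}\r\n"
            "Content-Type: application/x-www-form-urlencoded\r\n"
            f"Content-Length: {len(body)}\r\nExpect: 100-continue\r\n"
            "Connection: close\r\n\r\n").encode("ascii")
    with socket.create_connection((host, port), timeout=5) as sock:
        sock.sendall(head + body)  # body sent without waiting for the interim 100
        chunks = []
        while chunk := sock.recv(4096):
            chunks.append(chunk)
    return b"".join(chunks)

if __name__ == "__main__":
    for name, raw in (("SAMPLE_500", SAMPLE_500), ("SAMPLE_400", SAMPLE_400)):
        print(name, split_statuses(raw), check(raw))
    # Against a local test instance: print(check(probe("localhost", 9011, "/api/logout")))
```
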