SDK icon indicating copy to clipboard operation
SDK copied to clipboard

Published 20 hours ago verified publisher icon TryGhost

Admin API uses {} for the body of GET requests causing problems with Google Cloud services

Open danielvaughan opened this issue 3 years ago • 1 comments

Welcome to Ghost's GitHub repo! 👋🎉

We use GitHub only for bug reports 🐛

Anything else should be posted to https://forum.ghost.org 👫

🚨For support, help & questions use https://forum.ghost.org/c/help 💡For feature requests & ideas you can post and vote on https://forum.ghost.org/c/Ideas

If your issue is with Ghost CLI, please report it on the CLI repo ➡️ https://github.com/TryGhost/Ghost-CLI/issues/new.

Issue Summary

I have been trying to use the Admin API with a Ghost blog I have hosted on Google Cloud. When I use the api.posts.browse() I get a 400 error back. I don't get this with the Content API. The error message is "Your client has issued a malformed or illegal request."

It turns out Google Load Balancers treat GET requests with anything in the body as illegal requests. See: https://stackoverflow.com/questions/36135180/google-compute-load-balancer-throws-400-bad-request-on-delete

Whether it is correct for Google to do this is arguable but as the API client submits {} as the default body for a GET and the implementation in the Content API doesn't I believe this is the issue.

I have verified in Postman that a request to https://<my-ghost>/ghost/api/v3/admin/posts/ is fine with a blank body but I get the same 400 error when the body is {}.

Looking at the code on line 288 of index.js we have:

function makeResourceRequest(resourceType, queryParams = {}, body = {}, method = 'GET', urlParams = {}) {

The body is being set here to {} by default. If it was empty by default I believe the problem with Google would be resolved and this should not cause other issues.

To Reproduce

  1. Deploy Ghost to Google Cloud Platform with a Load Balancer in front of it
  2. Attempt api.posts.browse()

Any other info e.g. Why do you consider this to be a bug? What did you expect to happen instead?

The bug is strictly speaking on Google's side but this looks like a low impact change that would bypass the issue.

Technical details:

  • Admin API Version: 1.4.2
  • Ghost Version: 4.8.4
  • Node Version: v16.5.0
  • Browser/OS: N/A
  • Database: N/A

danielvaughan avatar Jul 25 '21 14:07 danielvaughan

I am experiencing the same problem.

Applying #395 fixes it.

anajavi avatar Aug 12 '21 08:08 anajavi