I'm having an issue submitting post requests using Laravel. The following works locally using docker with Laravel 9.21.6 and PHP 8.1.0. When I try on the live server running NGINX with Laravel 9.21.6 and PHP 8.1.8, I get nothing. What am I missing?
Route::post('orders', function (Request $request) {
return ($request);
});
If I try the following curl request:
curl -v -X POST -d "{'order':18}" "http://localhost/api/orders"
I get order printed:
Note: Unnecessary use of -X or --request, POST is already inferred.
* Trying 127.0.0.1:80...
* Connected to localhost (127.0.0.1) port 80 (#0)
> POST /api/orders HTTP/1.1
> Host: localhost
> User-Agent: curl/7.79.1
> Accept: */*
> Content-Length: 12
> Content-Type: application/x-www-form-urlencoded
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Host: localhost
< Date: Sun, 31 Jul 2022 18:41:08 GMT
< Connection: close
< X-Powered-By: PHP/8.1.0
< Cache-Control: no-cache, private
< Date: Sun, 31 Jul 2022 18:41:08 GMT
< Content-Type: application/json
< X-RateLimit-Limit: 60
< X-RateLimit-Remaining: 59
< Access-Control-Allow-Origin: *
<
* Closing connection 0
{"{'order':18}":null}%
But if I try on the server:
curl -v -X POST -d "{'order':18}" "https://server.com/api/orders"
I get nothing:
Note: Unnecessary use of -X or --request, POST is already inferred.
* Trying 54.145.34.166:443...
* Connected to api.wenusvi.com (54.145.34.166) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/cert.pem
* CApath: none
* (304) (OUT), TLS handshake, Client hello (1):
* (304) (IN), TLS handshake, Server hello (2):
* (304) (IN), TLS handshake, Unknown (8):
* (304) (IN), TLS handshake, Certificate (11):
* (304) (IN), TLS handshake, CERT verify (15):
* (304) (IN), TLS handshake, Finished (20):
* (304) (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / AEAD-CHACHA20-POLY1305-SHA256
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: CN=wenusvi.com
* start date: Jun 18 19:22:18 2022 GMT
* expire date: Sep 16 19:22:17 2022 GMT
* subjectAltName: host "api.wenusvi.com" matched cert's "api.wenusvi.com"
* issuer: C=US; O=Let's Encrypt; CN=R3
* SSL certificate verify ok.
> POST /api/orders HTTP/1.1
> Host: api.wenusvi.com
> User-Agent: curl/7.79.1
> Accept: */*
> Connection: close
> Content-Length: 12
> Content-Type: application/x-www-form-urlencoded
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Server: nginx/1.18.0 (Ubuntu)
< Content-Type: text/html; charset=UTF-8
< Transfer-Encoding: chunked
< Connection: close
< Cache-Control: no-cache, private
< Date: Sun, 31 Jul 2022 18:40:55 GMT
< X-RateLimit-Limit: 60
< X-RateLimit-Remaining: 59
< Access-Control-Allow-Origin: *
<
* Closing connection 0
After much trial and error, the issue had to do with php-fpm. It seems the server was caching the output. Initially, this URL did not output any results, so the server cached that "data" and any further calls returned the empty data. Restarting php-fpm worked so I did some more searching and came across an article that advised changing opcache to 0. See https://serverfault.com/questions/991843/why-does-php-fpm-sometimes-get-stuck-serving-old-files
Related
I'm trying to send a POST request to a destination server via curl in PHP but it does work fine on some URL
/machines/{machineID(5digit)}/doSomething >> doesn't work
/machines/{machineID}(6digit)/doSomething >> working fine..
first I used Guzzle to made a request but It cause the same problem. So, I changed to curl. now It causes me the same problem again. but the weirdest part is If I use curl in bash. It works fine for both URLs like a charm. and It also works in Python as well. So, I don't know what happened I did some search and found this forum and I followed it already. still doesn't work. and both URLs return the same status code which is 200. It is even harder for me to debug this. is there any workaround in this situation.
Here is what I've found when I use curl -v and curl_setopt($curl, CURLOPT_VERBOSE, 1);
curl in bash (working fine)
Note: Unnecessary use of -X or --request, POST is already inferred.
* Trying xx.xx.xx.xx...
* TCP_NODELAY set
* Connected to xxxx (xx.xx.xx.xx) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / xxxxx
* ALPN, server accepted to use h2
* Server certificate:
* subject: CN=*.xx.com
* start date: Aug 14 00:00:00 2021 GMT
* expire date: Sep 12 23:59:59 2022 GMT
* subjectAltName: host "api.xxx.com" matched cert's "*.xxx.com"
* issuer: C=US; O=Amazon; OU=Server CA 1B; CN=Amazon
* SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x5649d4954600)
> POST /machines/xxxxx/dosomething HTTP/2
> Host: api.xxx.com
> User-Agent: curl/7.58.0
> Accept: */*
> Content-Type: application/json
> x-api-key:xxx
> organization-id:xxx
> auth-token:xxx
> Content-Length: 29
>
* Connection state changed (MAX_CONCURRENT_STREAMS updated)!
* We are completely uploaded and fine
< HTTP/2 200
< date: Tue, 21 Sep 2021 09:35:55 GMT
< content-type: application/json; charset=utf-8
< content-length: 893
< server: nginx/1.20.0
< vary: Origin
< access-control-allow-origin: *
< access-control-expose-headers: auth-token
< x-ratelimit-limit: 50
< x-ratelimit-remaining: 49
< x-ratelimit-reset: 60
< auth-token: xxx
<
* Connection #0 to host api.xxx.com left intact
{json response here}
from curl client in PHP (work only for some routes)
* Trying xx.xx.xx.xx...
* TCP_NODELAY set
* Connected to api.xx.com (xx.xx.xx.xx) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* SSL connection using TLSv1.2 / xxxxx
* ALPN, server accepted to use h2
* Server certificate:
* subject: CN=*.xx.com
* start date: Aug 14 00:00:00 2021 GMT
* expire date: Sep 12 23:59:59 2022 GMT
* issuer: C=US; O=Amazon; OU=Server CA 1B; CN=Amazon
* SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x560738143210)
> POST /machines/xxxxx/doSomething HTTP/2
Host: api.xxx.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:93.0) Gecko/20100101 Firefox/93.0
Content-Type: application/json
Accept: */*
x-api-key:xxx
organization-id:xxx
auth-token: xxxx
Content-Length: 29
* Connection state changed (MAX_CONCURRENT_STREAMS updated)!
* We are completely uploaded and fine
< HTTP/2 200
< date: Wed, 22 Sep 2021 15:25:49 GMT
< content-type: application/json; charset=utf-8
< content-length: 893
< server: nginx/1.20.0
< vary: Origin
< access-control-allow-origin: *
< access-control-expose-headers: auth-token
< x-ratelimit-limit: 50
< x-ratelimit-remaining: 48
< x-ratelimit-reset: 57
< alliancels-auth-token: xxx
<
* Connection #0 to host api.xxx.com left intact
I'm trying to integrate authorize.net (AIM) using the official PHP SDK v2.0.0 and I'm seeing some strange behaviors:
curl_exec() returns false even when the request is successful and CURLOPT_RETURNTRANSFER is set to true.
curl_errno is returns 7 (Failed to connect() to host or proxy) for the same request.
I know request is successful since:
I can see the transaction is successfully recorded at authorize.net
Setting CURLOPT_RETURNTRANSFER to false causes the JSON response from authorize.net to be printed
curl_getinfo() shows HTTP status code = 200
Anyone experience this type of behavior with cURL? I'm not sure what I'm missing.
EDIT: Added output with CURLOPT_VERBOSE set
* Trying 198.241.206.22:443...
* Connected to apitest.authorize.net (198.241.206.22) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /home/app/demo/assets/lib/anet_sdk_2.0.0/lib/ssl/cert.pem
CApath: none
* SSL connection using TLSv1.2 / AES256-GCM-SHA384
* ALPN, server did not agree to a protocol
* Server certificate:
* subject: C=US; ST=California; L=Foster City; O=Authorize.Net; CN=*.authorize.net
* start date: Feb 5 20:44:08 2020 GMT
* expire date: Mar 15 21:14:08 2021 GMT
* subjectAltName: host "apitest.authorize.net" matched cert's "*.authorize.net"
* issuer: C=US; O=Entrust, Inc.; OU=See www.entrust.net/legal-terms; OU=(c) 2012 Entrust, Inc. - for authorized use only; CN=Entrust Certification Authority - L1K
* SSL certificate verify ok.
> POST /xml/v1/request.api HTTP/1.1
Host: apitest.authorize.net
Accept: */*
Content-Type: text/json
Content-Length: 1458
* upload completely sent off: 1458 out of 1458 bytes
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Cache-Control: no-store
< Pragma: no-cache
< Content-Type: application/json; charset=utf-8
< X-OPNET-Transaction-Trace: a2_fe4a070f-cf07-47d7-8e9e-c8a703920de5-5628-7089051
< Access-Control-Allow-Credentials: true
< Access-Control-Allow-Headers: x-requested-with,cache-control,content-type,origin,method,SOAPAction
< Access-Control-Allow-Methods: PUT,OPTIONS,POST,GET
< Access-Control-Allow-Origin: *
< Strict-Transport-Security: max-age=31536000
< X-Cnection: close
< Date: Sat, 12 Sep 2020 10:40:48 GMT
< Content-Length: 512
<
* Connection #0 to host apitest.authorize.net left intact
Good Evening Everyone.
Have been searching for a week to try and find a way of connecting using guzzle.
curl -v https://go.paytraq.com/api/{APICall}?APIToken={APIToken}&APIKey={APIKey} \
-H "Content-Type:text/xml" \
-d "{RequestBody}"
I tried all methods and keep getting unauthorised access and not sure the best way to pass APIToken and APIKey.
I have used the above from terminal and it works fine.
$client = new \GuzzleHttp\Client(['base_uri'=>'https://go.paytraq.com']);
$request = $client->request('GET','/api/clients',['debug'=>true],[ 'headers'=>
'APIToken=XXXXXX&APIKey=XXXX'
]);
The above is the last version of my code which gives me the below error
GuzzleHttp\Exception\ClientException
Client error: GET https://go.paytraq.com/api/clients resulted in a 401 Unauthorized response: API key or token is not provided
And below is the guzzle debug
Trying 52.16.7.7:443... * Connected to go.paytraq.com (52.16.7.7) port 443 (#0) * ALPN, offering http/1.1 * successfully set certificate verify locations: * CAfile: /usr/local/etc/openssl#1.1/cert.pem CApath: /usr/local/etc/openssl#1.1/certs * SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256 * ALPN, server did not agree to a protocol * Server certificate: * subject: CN=go.paytraq.com * start date: Oct 14 00:00:00 2019 GMT * expire date: Nov 14 12:00:00 2020 GMT * subjectAltName: host "go.paytraq.com" matched cert's "go.paytraq.com" * issuer: C=US; O=Amazon; OU=Server CA 1B; CN=Amazon * SSL certificate verify ok. > GET /api/clients HTTP/1.1 Host: go.paytraq.com User-Agent: GuzzleHttp/7 * Mark bundle as not supporting multiuse < HTTP/1.1 401 Unauthorized < Content-Type: text/plain; charset=utf-8 < Date: Sat, 01 Aug 2020 21:03:49 GMT < Request-Time: 1 < Server: nginx/1.4.6 (Ubuntu) < Content-Length: 32 < Connection: keep-alive < * Connection #0 to host go.paytraq.com left intact
This should work:
$client->request('GET', '/api/clients', ['query' => [
'APIToken' => $APIToken,
'APIKey' => $APIkey]
]);
I am getting weird CORS issues, which I have never experienced before. I make a GET request to an endpoint that has access-control-allow-origin: * set. This is the output with curl -v:
[me:~]$ curl -v https://example.org/wp-json/jwr/v1/instagram
* Trying 123.123.123.123...
* TCP_NODELAY set
* Connected to example.org (123.123.123.123) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/cert.pem
CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-ECDSA-CHACHA20-POLY1305
* ALPN, server accepted to use h2
* Server certificate:
* subject: C=US; ST=CA; L=San Francisco; O=Cloudflare, Inc.; CN=sni.cloudflaressl.com
* start date: Nov 21 00:00:00 2019 GMT
* expire date: Oct 9 12:00:00 2020 GMT
* subjectAltName: host "example.org" matched cert's "example.org"
* issuer: C=US; ST=CA; L=San Francisco; O=CloudFlare, Inc.; CN=CloudFlare Inc ECC CA-2
* SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x7f9cf5808200)
> GET /wp-json/jwr/v1/instagram HTTP/2
> Host: example.org
> User-Agent: curl/7.64.1
> Accept: */*
>
* Connection state changed (MAX_CONCURRENT_STREAMS == 256)!
< HTTP/2 200
< date: Tue, 05 May 2020 21:41:48 GMT
< content-type: application/json; charset=UTF-8
< content-length: 10378
< set-cookie: __cfduid=d6e8c142300b62cb6b4fd207fe1912a7a1588714908; expires=Thu, 04-Jun-20 21:41:48 GMT; path=/; domain=.example.org; HttpOnly; SameSite=Lax; Secure
< x-powered-by: PHP/7.3.17
< x-robots-tag: noindex
< link: <https://example.org/wp-json/>; rel="https://api.w.org/"
< x-content-type-options: nosniff
< access-control-expose-headers: X-WP-Total, X-WP-TotalPages
< access-control-allow-headers: Authorization, Content-Type
< allow: GET
< access-control-allow-origin: *
< access-control-allow-methods: POST, GET, OPTIONS, DELETE
< access-control-allow-credentials: true
< access-control-expose-headers: Link
< etag: "129925-1588714700;;;"
< x-litespeed-cache: hit
< vary: User-Agent
< alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
< cf-cache-status: DYNAMIC
< expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
< server: cloudflare
< cf-ray: 58eda0b43d6fd881-CPH
< cf-request-id: 028862c4a60000d88135a8f200000001
However, in Chrome I get error:
Access to XMLHttpRequest at 'https://example.org/wp-json/jwr/v1/instagram' from origin 'http://localhost:3000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
I have tried to disbale CORS in Google Chrome (with web-security disabled) and then it works. I inspected the response headers, and they also had the allow-origin headers present.
I have also tried to copy the Chrome Network request as a CURL command, and it executes fine, without any errors on the php side and with the CORS headers set.
One strange issue I have discovered is that it only happens when I am logged in - despite the two requests look pretty similar. I am using Nuxt and https://github.com/nuxt-community/auth-module - however, the issue does not happen on ALL calls, despite the calls being very similar (same API rest endpoint)
Issue was that I had "allow-origin: *" and that is not allowed when you are using withCredentials:true. So I had to define the origin, and then it seemed to work.
I try to send the file via POST. Before that i used http connection and everything worked. But now var_dump($_REQUEST); in my php-file returns an empty array.
This my curl log:
$ curl -X POST -F "id=1" -F "file=#/tmp/file.txt" https://MY_DOMAIN/save_file.php
-v
Hostname was NOT found in DNS cache
Trying MY_IP...
Connected to MY_DOMAIN (MY_IP) port 443 (#0)
successfully set certificate verify locations:
CAfile: none CApath: /etc/ssl/certs
SSLv3, TLS handshake, Client hello (1):
SSLv3, TLS handshake, Server hello (2):
SSLv3, TLS handshake, CERT (11):
SSLv3, TLS handshake, Server key exchange (12):
SSLv3, TLS handshake, Server finished (14):
SSLv3, TLS handshake, Client key exchange (16):
SSLv3, TLS change cipher, Client hello (1):
SSLv3, TLS handshake, Finished (20):
SSLv3, TLS change cipher, Client hello (1):
SSLv3, TLS handshake, Finished (20):
SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
Server certificate:
subject: C=RU; OU=Domain Control Validated; CN=MY_DOMAIN
start date: 2015-12-30 14:29:37 GMT
expire date: 2016-12-30 14:29:37 GMT
subjectAltName: MY_DOMAIN matched
issuer: C=BE; O=GlobalSign nv-sa; CN=GlobalSign Domain Validation CA - SHA256 - G2
SSL certificate verify ok.
POST /save_file.php HTTP/1.1
User-Agent: curl/7.38.0
Host: MY_DOMAIN
Accept: /
Content-Length: 95611662
Expect: 100-continue
Content-Type: multipart/form-data; boundary=------------------------4cf633b06b612b7d
< HTTP/1.1 100 Continue < HTTP/1.1 200 OK
Server nginx/1.10.1 is not blacklisted < Server: nginx/1.10.1 < Date: Sun, 23 Oct 2016 22:22:53 GMT < Content-Type: text/html;
charset=utf-8 < Transfer-Encoding: chunked < Connection: keep-alive <
Set-Cookie: mwc=f25mv8leksepc8qg1t7de0rdk5; path=/ < Expires: Thu, 19
Nov 1981 08:52:00 GMT < Cache-Control: no-store, no-cache,
must-revalidate, post-check=0, pre-check=0 < Pragma: no-cache <
Strict-Transport-Security: max-age=31536000; < array(0) { }
Connection #0 to host MY_DOMAIN left intact
The problem was in an unexpected place: the file size exceeds the allowable load