GroveStreams

Some calls are failing due to stricter HTTP API rules550

MikeMills private msg quote post Address this user
We are starting to strengthen security settings on our web servers. This will impact some users.

If you recently started seeing your HTTP API calls failing with HTTP 400 errors, it is highly likely this is impacting your devices and you are not conforming to these specifications:

- The HOST header is blank or not being terminated with "\r\n" (see RFC2616 section 14.23)
- Strict RFC7230 parsing. Ensure valid token chars before ':' per RFC 7230 3.2.4
- Strict RFC7230 parsing. Reject value for all garbage input (CTRLs excluding HT) e.g. only VCHAR / SP / HT / obs-text are allowed per RFC7230 3.2.6

It appears most users need to set the HOST header value and terminate all lines properly with \r\n. An example of this can be found here.

We are only enforcing these intermittently on one web server to determine how many users this will impact. We'll post an enforcing date once we get feedback from users.
Post 1 IP   flag post
MikeMills private msg quote post Address this user
We are enforcing The HOST header is blank or not being terminated with "\r\n" (see RFC2616 section 14.23) on one web server starting June 1, 20204 8:47 am

If you started getting intermittent http errors at this time, ensure you're setting the HOST header in your device calls.
Post 2 IP   flag post
2973 2 2
Log in or sign up to compose a reply.