GroveStreams customer support forum

Welcome to the GroveStreams forum! Create an account or log in to get started.

Email Alertscheckbox YTcheckbox Manage Email Alerts

Some calls are failing due to stricter HTTP API rules550

Pages:

139	139 MikeMills private msg quote post Address this user	plus 1 plus 1 plus 1 0
	We are starting to strengthen security settings on our web servers. This will impact some users. If you recently started seeing your HTTP API calls failing with HTTP 400 errors, it is highly likely this is impacting your devices and you are not conforming to these specifications: - The HOST header is blank or not being terminated with "\r\n" (see RFC2616 section 14.23) - Strict RFC7230 parsing. Ensure valid token chars before ':' per RFC 7230 3.2.4 - Strict RFC7230 parsing. Reject value for all garbage input (CTRLs excluding HT) e.g. only VCHAR / SP / HT / obs-text are allowed per RFC7230 3.2.6 It appears most users need to set the HOST header value and terminate all lines properly with \r\n. An example of this can be found here. We are only enforcing these intermittently on one web server to determine how many users this will impact. We'll post an enforcing date once we get feedback from users.
	2 months ago	Post 1 • IP flag post

139	139 MikeMills private msg quote post Address this user	plus 1 plus 1 plus 1 0
	We are enforcing The HOST header is blank or not being terminated with "\r\n" (see RFC2616 section 14.23) on one web server starting June 1, 20204 8:47 am If you started getting intermittent http errors at this time, ensure you're setting the HOST header in your device calls.
	2 months ago	Post 2 • IP flag post

139	139 MikeMills private msg quote post Address this user	plus 1 plus 1 plus 1 0
	This is now enforced on all but one web server.
	4 days ago	Post 3 • IP flag post

139	139 MikeMills private msg quote post Address this user	plus 1 plus 1 plus 1 0
	More strengthening: We are now enforcing RFC 7230 §3.5 on one web server - All grammar rules of the specification are enforced in the default Strict operating mode, and the strict whitespace suggested by section 3.5 is enforced. Example of a request leading to HTTP 400 with Strict mode: # Missing CRLF GET / HTTP/1.0\n\n If you started seeing intermittent errors around July 23, 2024 7:35 AM US Central time, then it could be your device is violating this RFC.
	4 days ago	Post 4 • IP flag post

2989 4 4

Pages:

Code
Bold
Italic
Link
Video YouTube Vimeo
Image From Web
Upload Image
Emoticons smile wink neutral frown big smile surprised eek oops angel cool kiss heart beer monkey

Log in or sign up to compose a reply.