mltucker
commented
6 months ago Hey @RogueArt,
Hmm, this is working for me. I made a python server that just logs incoming requests and ran it at http://localhost:8000. Marvin had no trouble sending its webhooks there.
You already thought of the things I would have suggested to check. Maybe there's a firewall issue? It's the Marvin client that is sending the http requests (not our server), and there could be something that blocks outgoing http requests.
Statement of purpose
I do solemnly swear (or affirm) that this is an API bug, and not a Marvin bug. For Marvin bugs I would use the in-app "?→Contact Support" feature
Describe the bug Hi, hope you're doing well! I noticed that the Amazing Marvin API only sends its webhooks to HTTPS endpoints. This might be the intended function, to have requests only sent for HTTPS webhooks, but I didn't see this documented anywhere in the wiki.
Steps to reproduce: (1) Set up an HTTP server. If you want, you can clone my project and replace the index.ts with this minimal reproducible sample. This will save you some time on setting up CORS and debugging listening
(2) Add an HTTP and HTTPS URL on the webhook pointing to two separate instances of the same server code:
To reproduce this, I have it hosted on my VPS over HTTP and then used the Ngrok service on my VPS to tunnel to HTTPS. Both are running on the same Linux machine, just on different ports.
(3) Create a new habit - I recommend setting it so you can record it 100, 200, etc. times a day. This way, you can just click a button to see if it hits the endpoint or not.
You can test this with GET, POST, PUT, etc. any type of request. None of them get sent to HTTP while all of them get sent to HTTPS.
Additionally, you can use Postman or some other service to ping both Express servers. I can confirm that when using Postman to simulate the webhook request, the HTTP one could be reached and pinged. I even accounted for the CORS options request in my Postman query and still, Marvin would not send the webhook to my HTTP server. It was only after I set up an SSL certificate and upgraded it to HTTPS that it worked, so I believe this is the root cause of the issue.
Expected behavior Either (a) the webhook should be able to send requests to HTTP endpoints (b) or the documentation should state that only HTTPS servers are allowed.
The latter is honestly fine since tasks can contain personal data, it was just that I didn't expect protocol to be an issue since it wasn't mentioned
Additional context I don't believe this was a recent bug / it was present on older versions as well since I was working on this project in April and ran into this same blocker with it not being able to forward requests to HTTP. Additionally, it may not have been caught since all the documentation in the wiki is using HTTPS URLs
Suggested workaround for anyone reading this: Make sure to use HTTPS and set up CORS correctly and the webhooks should be delivered correctly.
Thanks for looking at this ticket and thank you so much for making such a wonderful product! :D