c6fc / npk

A mostly-serverless distributed hash cracking platform

Order Validation Failed #54

Closed Fudgedotdotdot closed 2 years ago

Fudgedotdotdot commented 2 years ago

Hi,

I get the following error when creating a campaign: Error: Content Type text/plain; charset=UTF-8 not permitted. Use text/plain.


The request is created on line 1524 in /site-content/angular/controllers/npkMainCtrl.js and calls the cognito provider in /site-content/angular/providers/cognitoProvider.js line 18.

The headers are provided by this line (22) params.headers = this.cognitoSigner.sign(params);. This cognitoSigner variable is an "awsSignWeb.AwsSigner" object.

No idea if this is a bug in NPK or AWS changed something.

I'm using the latest one-liner from the main branch to install NPK.

Could you check it out?

Thanks,

c6fc commented 2 years ago

It worked for me just now, so it's no change on AWS' side.

The NPK console doesn't gracefully handle expired Cognito tokens. It's a known issue, but the impact has historically been pretty minor, and it's a massive pain to test (since you have to wait an hour for them to expire). The console may have tried to send a signed request with invalid credentials.

Can you refresh the dashboard, or log out and log back in, and try to submit the order again?

Fudgedotdotdot commented 2 years ago

I tried logging in and logging out; it didn't fix the error. I redeployed using the main branch one-liner and it still shows the same error. I deleted the CloudShell home directory as well. Same with the dev script.

Did you install the latest version when you tested? It worked fine before the latest commit. I had to install again to apply the new instances I got from AWS.

It seems to me like the NPK API is adding the charset=UTF-8 when it shouldn't.

Is there a way to log the headers that are sent by the code in cognitoProvider.js?

hilarex commented 2 years ago

I just installed NPK and I have the same error.

c6fc commented 2 years ago

Ok. Let me destroy and recreate my deploy and see if I encounter the same error. Maybe AWS did change something, but only for new resources :/

c6fc commented 2 years ago

I just destroyed and redeployed from scratch, and it still works fine for me right out of the box. Can either of you please share more details about the request being made using developer tools in the browser? If you right-click the request and 'Save as cURL', then DM it to me, I could dig into this further.

Also, can you tell me what browser you're using, and whether you're behind a proxy or using a plugin that modifies requests?

c6fc commented 2 years ago

Thanks to @Fudgedotdotdot for DMing me the request. Turns out this is a sanity check that verifies the ContentType of the hash file submitted for cracking. I'm testing a fix right now, and should have a dev branch cut very shortly.

c6fc commented 2 years ago

Fixed in e473ba8 and pushed to main
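
The failure mode in this thread, as an added example that is not part of the thread, not NPK code, and not the fix in e473ba8: a Content-Type check that parses the header and compares only the media type, so a trailing charset parameter no longer causes a rejection. All function names are hypothetical, and the exact-match form of the original check is an assumption based on the error text.

```javascript
// Hypothetical allowlist for uploaded hash files (assumption, not from NPK).
const ALLOWED_TYPES = new Set(['text/plain']);
const ALLOWED_CHARSETS = new Set(['utf-8', 'us-ascii']);

// Assumed shape of the failing check: exact string match on the raw header.
function strictCheck(header) {
  return header === 'text/plain';
}

// Split "type/subtype; name=value" into a lowercased media type and params.
// Returns null for anything malformed so callers fail closed.
function parseContentType(header) {
  if (typeof header !== 'string') return null;
  const [rawType, ...rawParams] = header.split(';');
  const mediaType = rawType.trim().toLowerCase();
  if (!/^[a-z0-9!#$&^_.+-]+\/[a-z0-9!#$&^_.+-]+$/.test(mediaType)) return null;
  const params = {};
  for (const p of rawParams) {
    if (p.trim() === '') continue;          // tolerate a trailing ';'
    const eq = p.indexOf('=');
    if (eq === -1) return null;
    const name = p.slice(0, eq).trim().toLowerCase();
    if (!name) return null;
    // Strip one pair of surrounding quotes from the value, if present.
    params[name] = p.slice(eq + 1).trim().replace(/^"(.*)"$/, '$1');
  }
  return { mediaType, params };
}

// Accept an allowlisted media type with, at most, an acceptable charset.
function tolerantCheck(header) {
  const parsed = parseContentType(header);
  if (!parsed || !ALLOWED_TYPES.has(parsed.mediaType)) return false;
  const names = Object.keys(parsed.params);
  if (names.some((n) => n !== 'charset')) return false;   // unknown params
  const charset = (parsed.params.charset || 'utf-8').toLowerCase();
  return ALLOWED_CHARSETS.has(charset);
}

// Constructed sample headers, including the value from the reported error.
for (const h of ['text/plain', 'text/plain; charset=UTF-8', 'text/html']) {
  console.log(JSON.stringify(h), strictCheck(h), tolerantCheck(h));
}
```
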