@salesforce/cli version 2.53.6 results BAD RESPONSE error

[sambit-diff]

Summary

@salesforce/cli version was auto updated from 2.51.6 to 2.53.6 during the weekend, and since Monday we are getting below error:

sf org login jwt --client-id --username deployment.user@.com.dev --alias dev Successfully authorized deployment.user@.com.dev with org ID 00DAd0000000000000 sf org list Type Alias Username Org ID Status Expires ─ ──── ───── ────────────────────────────────────────── ───────────────── qa deployment.user@.com.dev 00DAd0000000000000 Bad Response

Legend: 🌳=Default DevHub, 🍁=Default Org Use --all to see expired and deleted scratch orgs Finishing: Auth - SF CLI

The following command for sf project deploy start results below error:

The requested URL could not be retrieved The following error was encountered while trying to retrieve the URL: https://***.sandbox.my.salesforce.com/*

Access Denied.

Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect.

Your cache administrator is root.

CacheHost: ip-10-63-41-227.eu-west-1.compute.internal ErrPage: ERR_ACCESS_DENIED Err: [none] TimeStamp: Mon, 12 Aug 2024 07:54:29 GMT

ClientIP: 10..**.

HTTP Request: CONNECT HTTP/1.1 Proxy-Authorization: Basic Connection: close Host: .sandbox.my.salesforce.com:443

Expected result

Authentication status resulted "Connected" using version 2.51.6

Actual result

Authentication status resulted "Bad Response" using version 2.53.6

System Information

We are using Azure CI CD pipeline for authentication and deploying to Salesforce, and pipeline agents are setup with below resources: nvm install 22.2.0 npm install -g npm@latest npm install -g @salesforce/cli

Please let me know if further information is required

[github-actions[bot]]

Thank you for filing this issue. We appreciate your feedback and will review the issue as soon as possible. Remember, however, that GitHub isn't a mechanism for receiving support under any agreement or SLA. If you require immediate assistance, contact Salesforce Customer Support.

[github-actions[bot]]

Hello @sambit-diff :wave: It looks like you didn't include the full Salesforce CLI version information in your issue. Please provide the output of version --verbose --json for the CLI you're using (sf or sfdx).

A few more things to check:

• Make sure you've provided detailed steps to reproduce your issue.
  • A repository that clearly demonstrates the bug is ideal.
• Make sure you've installed the latest version of Salesforce CLI. (docs)
  • Better yet, try the rc or nightly versions. (docs)
• Try running the doctor command to diagnose common issues.
• Search GitHub for existing related issues.

Thank you!

[shetzel]

Those messages look like they are coming from your proxy. Going from CLI 2.51.6 to 2.53.6 shouldn't cause that. Are you 100% certain that those same errors only happen with 2.53.6 and not 2.51.6? Has anything else changed around proxy configuration in addition to the CLI update?

I suggest running sf doctor and ensuring all URL and proxy checks pass.

[sambit-diff]

Hi @shetzel we are using proxy to deploy on Salesfroce sandboxes from self-hosted agents. I am 100% sure that the error started only by upgrading to 2.53.6

Since it was a major impact and development cycle stopped for 3 on-going projects, I only force downgraded the CLI version to 2.51.6 to resolve this - "npm install -g @salesforce/cli@2.51.6"

There was no other change to proxy or anything else. I can only run "sf doctor" tomorrow, and share further information.

I doubt (please correct me if I am wrong) - could this be due to nvm version 22.2.0, might be version incompatible with @salesforce/cli@2.53.6

[shetzel]

It's possible that NodeJS v22.2.0 and sf CLI v2.53.6 are not compatible. 22.2.0 is not an LTS version (yet). See https://nodejs.org/en/about/previous-releases

Per NodeJS docs, "Production applications should only use Active LTS or Maintenance LTS releases." I would switch to using an LTS version of NodeJS.

I will try to reproduce this with similar steps on v22.2.0 and CLI v2.53.6.

[sambit-diff]

@shetzel Salesforce CLI support team suggested to use NodeJS v22.2.0 with @salesforce/cli@2.51.6 to resolve below error

Metadata API request failed: Cannot create property 'caller' on string 'incorrect header check'

[shetzel]

You should always use an LTS version of NodeJS with production apps. From this issue, the appropriate solution is still to use the LTS version of NodeJS, but definitely not v22.3.0 or higher since that caused the error you mentioned.

I switched to NodeJS v22.2.0 and tried to reproduce what you are seeing and could not. I authed to an org with JWT, then ran sf org list and it all worked fine. Based on the error message you're seeing, there is some interaction happening with your proxy setup.

I would ensure you have all the proxy env vars set (http_proxy, https_proxy, HTTP_PROXY, HTTPS_PROXY). I would check the diagnostic logs created from running sf doctor. You could also run sf doctor --command "org list" and it should create a debug output file for you. To get even more debug output you can also set SF_LOG_LEVEL=trace and JSFORCE_LOG_LEVEL=DEBUG before running that doctor command.

[sambit-diff]

@shetzel we have a new version 2.54.6 available for update. I will run "sf doctor" with this version and update, hopefully it would work.

[sambit-diff]

node v2-22-0 and cli v2-51-6.log node v2-22-0 and cli v2-54-6.log

@shetzel As advised, I ran "sf doctor" on both combinations i.e., nodeJs_v2.22.0 + @salesforce/cli@2.51.6 and nodeJs_v2.22.0 + @salesforce/cli@2.54.6

Please find the attached logs. Since both executions were done on same proxy,

On latest version:

1. endpoint URL is "/services/data/v50.0"
2. unable to reach "https://appexchange.salesforce.com/services/data"

[shetzel]

Based on those 2 logs, I think this is the key: "can access: https://appexchange.salesforce.com/services/data". It passes with v2.51.6 and fails with 2.54.6. That endpoint is used to get an API version when no other API version can be found in the environment. Without an API version the CLI falls back to use v50.0 rather than a current version. Is the sf org list command being run from within a project? If so, it would find API versions within sfdx-project.json. Also, if you set API version config vars (either global or local to the project) it would find those as well. So the solution could be as simple as running the command within a project directory. Alternatively, set SF_API_VERSION=61.0 or whatever you want the API version to be. If you do that, the https://appexchange.salesforce.com/services/data endpoint is never used.

As to why the same endpoint can't be accessed after a CLI version update, I have no idea. If everything else is the same it shouldn't matter.

[shetzel]

Do you have both uppercase and lowercase proxy env vars set? I.e., https_proxy, http_proxy, HTTPS_PROXY, and HTTP_PROXY. If so, are they set to the same value?

[sambit-diff]

We only have uppercase env variable set i.e., HTTPS_PROXY and HTTP_PROXY Is it mandatory to have these in lower case too?

[shetzel]

It shouldn't be mandatory, but it's not a bad idea to set them all. Some libraries prefer the lower case while others prefer the upper case.

I'm curious what happens if you're using CLI v2.54.6 and set the lower case proxies as well as the upper case. I'm also curious what happens if you're using CLI v2.54.6 and set SF_API_VERSION=61.0.

[sambit-diff]

@shetzel sure, I will give this a try after I get a 2h window from all project team, and get back to you. Thank you

[github-actions[bot]]

This issue has not received a response in 7 days. It will auto-close in 7 days unless a response is posted.