google / site-kit-wp

Site Kit is a one-stop solution for WordPress users to use everything Google has to offer to make them successful on the web.
https://sitekit.withgoogle.com
Apache License 2.0

400 (Bad Request) - Missing parameter(s): request #779

Closed sksaju closed 4 years ago

sksaju commented 5 years ago

Bug Description

After successfully setting up the plugin I got this error [400 (Bad Request)].

Screenshots

2019-11-04


felixarntz commented 5 years ago

@aaemnnosttv @adamsilverstein Any idea what's happening here? The only issue like this I was aware of was fixed in #339 - maybe we missed something there?

aaemnnosttv commented 5 years ago

@felixarntz this looks similar to a problem we've seen in #243 which may be related to web server configuration.

One possibility is that some [WAF, security plugin, etc] may be interfering with the value of the request parameter in a way which breaks the URL-encoded JSON. This would cause the decoding to fail on the API side, resulting in a null value which may trigger the same error as if the parameter wasn't passed at all since it is technically "not set".

That's the best theory I have at the moment but it's difficult to troubleshoot without a more definitive way to reproduce the problem.

cole10up commented 4 years ago

After doing some digging on https://github.com/google/site-kit-wp/issues/767

I noticed if you do the following steps you can reproduce this issue on the following host: https://interserv.cmsdevrel.com/wp-admin

Host Info

```
### wp-core ###

version: 5.3
site_language: en_US
user_language: en_US
timezone: +00:00
permalink: /%year%/%monthnum%/%day%/%postname%/
https_status: false
user_registration: 0
default_comment_status: open
multisite: false
user_count: 4
dotorg_communication: true

### wp-paths-sizes ###

wordpress_path: /home/interser/public_html
wordpress_size: 37.73 MB (39559273 bytes)
uploads_path: /home/interser/public_html/wp-content/uploads
uploads_size: 0.00 B (0 bytes)
themes_path: /home/interser/public_html/wp-content/themes
themes_size: 4.60 MB (4822642 bytes)
plugins_path: /home/interser/public_html/wp-content/plugins
plugins_size: 21.92 MB (22985965 bytes)
database_size: 757.53 KB (775713 bytes)
total_size: 64.99 MB (68143593 bytes)

### wp-active-theme ###

name: Twenty Nineteen (twentynineteen)
version: 1.4
author: the WordPress team
author_website: https://wordpress.org/
parent_theme: none
theme_features: automatic-feed-links, title-tag, post-thumbnails, menus, html5, custom-logo, customize-selective-refresh-widgets, wp-block-styles, align-wide, editor-styles, editor-style, editor-font-sizes, editor-color-palette, responsive-embeds, widgets
theme_path: /home/interser/public_html/wp-content/themes/twentynineteen

### wp-themes-inactive (3) ###

Twenty Seventeen: version: 2.2, author: the WordPress team
Twenty Sixteen: version: 2.0, author: the WordPress team
Twenty Twenty: version: 1.0, author: the WordPress team

### wp-plugins-active (2) ###

Site Kit by Google: version: 1.1.1, author: Google
WP Htaccess Editor: version: 1.65, author: WebFactory Ltd

### wp-plugins-inactive (2) ###

Akismet Anti-Spam: version: 4.1.3, author: Automattic
Hello Dolly: version: 1.7.2, author: Matt Mullenweg

### wp-media ###

image_editor: WP_Image_Editor_GD
imagick_module_version: Not available
imagemagick_version: Not available
gd_version: bundled (2.1.0 compatible)
ghostscript_version: 9.25

### wp-server ###

server_architecture: Linux 3.10.0-962.3.2.lve1.5.24.6.el7.x86_64 x86_64
httpd_software: LiteSpeed
php_version: 5.6.40 64bit
php_sapi: litespeed
max_input_variables: 1000
time_limit: 30
memory_limit: 256M
max_input_time: 60
upload_max_size: 128M
php_post_max_size: 32M
curl_version: 7.66.0 OpenSSL/1.0.2t
suhosin: true
imagick_availability: false
htaccess_extra_rules: true

### wp-database ###

extension: mysqli
server_version: 10.1.43-MariaDB-cll-lve
client_version: mysqlnd 5.0.11-dev - 20120503 - $Id: 76b08b24596e12d4553bd41fc93cccd5bac2fe7a $

### wp-constants ###

WP_HOME: undefined
WP_SITEURL: undefined
WP_CONTENT_DIR: /home/interser/public_html/wp-content
WP_PLUGIN_DIR: /home/interser/public_html/wp-content/plugins
WP_MAX_MEMORY_LIMIT: 256M
WP_DEBUG: false
WP_DEBUG_DISPLAY: true
WP_DEBUG_LOG: false
SCRIPT_DEBUG: false
WP_CACHE: false
CONCATENATE_SCRIPTS: undefined
COMPRESS_SCRIPTS: undefined
COMPRESS_CSS: undefined
WP_LOCAL_DEV: undefined
DB_CHARSET: utf8mb4
DB_COLLATE: undefined

### wp-filesystem ###

wordpress: writable
wp-content: writable
uploads: writable
plugins: writable
themes: writable
```

Steps

  1. Download and install the following zip on the host above (ping me for a user): google-site-kit.zip
  2. Activate the plugin
  3. Click setup
  4. Click cancel on the Welcome to Setup proxy screen
  5. Click setup again and run through the entire proxy setup to success

Notice Dashboard looks like this: image

400 error: image

aaemnnosttv commented 4 years ago

After investigating in the environment where this is happening I found that query parameters (in this environment) have a maximum value length of 512 characters. Any parameter with a value longer than that becomes undefined in the eyes of the REST request and not present in $request->get_params(). I haven't found what conditions are responsible for this but it doesn't appear to be a limit at the server level, at least in the environment we have.

This is solvable by changing the way batch requests are made; the easiest solution is to simply change these to be made with a POST request instead of GET. This moves the request data into the body of the request which is then submitted as a regular JSON body rather than putting everything into a single parameter in the query string. This is actually how the Google API client performs batch requests as well. The request method of the batch request itself does not need to be GET because all of the individual requests contain their own method. The REST API also abstracts the source of request parameters so it is a very small change to make.
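The failure and the fix described in the comment above, as an added example that is not Site Kit's code: a stand-in filter drops any query value longer than 512 characters, so the GET form of a batch request loses `request` while the POST form with a JSON body keeps it. The endpoint URL, function names and sample batch are hypothetical, and applying the limit to the decoded value is an assumption.

```javascript
// Added illustration; every name and the URL here are hypothetical, not Site Kit code.
const LIMIT = 512; // max query value length observed in the thread's environment
const BASE = 'https://example.test/wp-json/hypothetical/v1/batch';

// Constructed sample batch: each entry carries its own method, as the comment notes.
function sampleBatch(n) {
  return Array.from({ length: n }, (_, i) => ({
    method: 'GET', identifier: 'analytics', datapoint: 'report',
    data: { dateRange: 'last-28-days', metrics: 'ga:users', key: `k${i}` },
  }));
}

// Before: the whole batch travels as URL-encoded JSON in one `request` query parameter.
function asGet(batch) {
  const qs = new URLSearchParams({ request: JSON.stringify(batch) });
  return { method: 'GET', url: `${BASE}?${qs}`, body: null };
}

// After: the same data travels as a JSON request body.
function asPost(batch) {
  return { method: 'POST', url: BASE, body: JSON.stringify({ request: batch }) };
}

// Stand-in for the environment: over-long query values vanish before the REST
// layer sees them (assumption: the limit applies to the decoded value).
function paramsSeenByServer(req) {
  const params = {};
  for (const [name, value] of new URL(req.url).searchParams) {
    if (value.length <= LIMIT) params[name] = value;
  }
  if (req.body) Object.assign(params, JSON.parse(req.body));
  return params;
}

// Mirrors the error in the issue title when `request` never arrives.
function handleBatch(req) {
  const { request } = paramsSeenByServer(req);
  if (request === undefined) {
    return { status: 400, message: 'Missing parameter(s): request' };
  }
  const batch = typeof request === 'string' ? JSON.parse(request) : request;
  return { status: 200, count: batch.length };
}

for (const n of [2, 6]) {
  const batch = sampleBatch(n);
  console.log(n, JSON.stringify(batch).length, handleBatch(asGet(batch)).status, handleBatch(asPost(batch)).status);
}
```

The host info earlier in the thread lists `suhosin: true`, and Suhosin's `suhosin.get.max_value_length` setting defaults to 512, which matches the observed limit, though the thread does not confirm it as the cause.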

felixarntz commented 4 years ago

IB ✅

cole10up commented 4 years ago

Tested

Installed the following zip as a pre-test google-site-kit.zip

Notice: image

Deactivated and deleted.

Installed the following zip with this fix. google-site-kit.zip

Notice: image

Passed QA ✅