magento-engcom / import-export-improvements

Open Software License 3.0

Incorrect Request URL with Form Key on the product import. #58

Closed piotrekkaminski closed 5 years ago

piotrekkaminski commented 6 years ago

From @Radio on June 22, 2016 8:57

Steps to reproduce

  1. Install Magento from develop branch.
  2. Go to Admin Panel
  3. Go to System -> Import.
  4. Select "Products" in Entity Type field.
  5. Set: Import Behavior: "Add/Update", select valid file to import.
  6. Click "Check Data", wait for validation to complete.
  7. Click "Import".

Expected result

  1. The request is sent to http://obo-demo.testing.cgi-labs.de/admin/admin/import/start/key/[some-key]/?form_key=[form-key] OR
  2. The request URL doesn't contain form key as form key is present in the POST payload.

Actual result

  1. Request URL is: http://obo-demo.testing.cgi-labs.de/admin/admin/import/start/key/[some_key]/&form_key=[form-key] (note the "&" instead of "?"). Form key is also in the payload.

Copied from original issue: magento/magento2#5154
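
The separator mistake reported above, as an added example that is not part of the original issue or of Magento's code: the naive concatenation reproduces the `&form_key=` URL, the query-aware version uses the standard `URL` API, and `formKeyLocation` shows that the malformed form puts the key in the path rather than in a parameter. The host, key values and function names are constructed for illustration.

```javascript
// Added example: names, host and key values are constructed, not Magento code.

// Buggy pattern: always appends with "&", assuming a query string exists.
function appendFormKeyNaive(url, formKey) {
  return url + '&form_key=' + formKey;
}

// Query-aware version: the URL API picks "?" or "&", replaces an existing
// form_key instead of duplicating it, and keeps any fragment last.
function appendFormKey(url, formKey) {
  const u = new URL(url);
  u.searchParams.set('form_key', formKey);
  return u.toString();
}

// Where the server will see the key: 'query' (a real parameter),
// 'path' (the malformed "/&form_key=..." case), or 'none'.
function formKeyLocation(url) {
  const u = new URL(url);
  if (u.searchParams.has('form_key')) return 'query';
  if (/&form_key=/.test(u.pathname)) return 'path';
  return 'none';
}

// Second expected result from the report: the key already travels in the
// POST body, so remove it from the URL (query or malformed path form).
function stripFormKey(url) {
  const u = new URL(url);
  u.searchParams.delete('form_key');
  u.pathname = u.pathname.replace(/&form_key=[^/&]*/g, '');
  return u.toString();
}

const base = 'http://shop.example/admin/admin/import/start/key/abc123/';
const bad = appendFormKeyNaive(base, 'FORMKEY123');
console.log(bad, '->', formKeyLocation(bad));
const good = appendFormKey(base, 'FORMKEY123');
console.log(good, '->', formKeyLocation(good));
console.log(stripFormKey(bad));
```

Stripping the key from the URL also keeps it out of access logs and proxy histories, since it is still sent in the POST body.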

piotrekkaminski commented 6 years ago

From @shiftedreality on September 9, 2016 14:45

Hi @Radio

Thank you for your submission. We've created internal ticket MAGETWO-58250 to fix this issue.

piotrekkaminski commented 6 years ago

From @magento-engcom-team on October 13, 2017 8:3

@Radio, thank you for your report. We've created internal ticket(s) MAGETWO-58250 to track progress on the issue.

TomashKhamlai commented 6 years ago

Reproduced on 2.3-develop from http://github.com/magento/magento2.git

POST /admin/admin/import/start/key/e84342c7b3fed817cc0ea38dc72b929073d0cfae0b422534346346719b46c5ca/&form_key=DEipnHjS7e8MQWJr HTTP/1.1
...

...
Connection: close

------WebKitFormBoundarym3bVvVxB6UkkYxWZ
Content-Disposition: form-data; name="form_key"

DEipnHjS7e8MQWJr
...

...
sku,store_view_code,attribute_set_code,product_type,categories,product_websites,name,description,short_description,weight,product_online,tax_class_name,visibility,price,special_price,special_price_from_date,special_price_to_date,url_key,meta_title,meta_keywords,meta_description,created_at,updated_at,new_from_date,new_to_date,display_product_options_in,map_price,msrp_price,map_enabled,gift_message_available,custom_design,custom_design_from,custom_design_to,custom_layout_update,page_layout,product_options_container,msrp_display_actual_price_type,country_of_manufacture,additional_attributes,qty,out_of_stock_qty,use_config_min_qty,is_qty_decimal,allow_backorders,use_config_backorders,min_cart_qty,use_config_min_sale_qty,max_cart_qty,use_config_max_sale_qty,is_in_stock,notify_on_stock_below,use_config_notify_stock_qty,manage_stock,use_config_manage_stock,use_config_qty_increments,qty_increments,use_config_enable_qty_inc,enable_qty_increments,is_decimal_divided,website_id,deferred_stock_update,use_config_deferred_stock_update,related_skus,crosssell_skus,upsell_skus,hide_from_product_page,custom_options,bundle_price_type,bundle_sku_type,bundle_price_view,bundle_weight_type,bundle_values,associated_skus
...

TomashKhamlai commented 6 years ago

@dmanners do I have to do something more with this issue? I tested in Burp Suite.

dmanners commented 6 years ago

@TomashKhamlai nope, just let me know it is reproduced and remove the label "needs reevaluation" if you can reproduce the issue.

alexishughes commented 6 years ago

I have the same issue with Magento CE 2.3. Exactly the same, Magento makes an invalid URL request and then just spins out. I think if your server is slow then the second key request is triggered after ~30s and this is why not so many people have this issue. Is there a patch?

dmanners commented 6 years ago

Hi @alexishughes thank you for the feedback. Currently there is no patch though I cannot imagine it being too hard to sort it and provide a pull request.

dmanners commented 5 years ago

This has been covered in 2.3-develop via https://github.com/magento-engcom/import-export-improvements/pull/111/files