search

matomo-org / matomo

Empowering People Ethically with the leading open source alternative to Google Analytics that gives you full control over your data. Matomo lets you easily collect data from websites & apps and visualise this data and extract insights. Privacy is built-in. Liberating Web Analytics. Star us on Github? +1. And we love Pull Requests!
https://matomo.org/
GNU General Public License v3.0
19.83k stars 2.64k forks source link

Marketplace POST requests should include a Content-Length header #20671

Open Commifreak opened 1 year ago

Commifreak commented 1 year ago

We have proxy enabled via config. Every Marketplace communication is cancelled. Following this steps brings up:

string(400) "http://plugins.matomo.org/api/2.0/plugins/checkUpdates?plugins=%7B%22plugins%22%3A%5B%7B%22name%22%3A%22CustomVariables%22%2C%22version%22%3A%224.1.0%22%2C%22activated%22%3A1%7D%2C%7B%22name%22%3A%22Provider%22%2C%22version%22%3A%224.0.3%22%2C%22activated%22%3A1%7D%5D%7D&release_channel=latest_stable&prefer_stable=1&piwik=4.14.2&php=8.1.17&mysql=5.7.41-0ubuntu0.18.04.1&num_users=10&num_websites=28" string(792) "

WWW Proxy
Length Required
Bad request header: Neither Content-Length nor Transfer-Encoding chunked was given for POST

Generated by your WWW Proxy

Is this something that the Transport/proxy support have to handle?

Context

Loading dashboard overview causes the error in cinjunction with setup [proxy] config

Expected Behavior

Successful communication, the proxy is working for other applications

Current Behavior

See above

Possible Solution

-

Steps to Reproduce (for Bugs)

-

Your Environment

bx80 commented 1 year ago

Hi @Commifreak, thanks for reporting this.

I've done some testing and from what I can see POST requests to the marketplace do not include a Content-Length header. This header is required for HTTP/1.1 requests with a body, but is optional for HTTP/2. So strictly speaking it is okay to omit the header in this case, however for improved compatibility it would be good for us to include it.

I'll assign this issue for prioritization by our product team.

It might worth checking if your proxy rules can be configured to allow HTTP/2 post requests without Content-Length header.

Commifreak commented 1 year ago

I did some research - as I found out: We are using max 1.1, right?

=> https://github.com/matomo-org/matomo/blob/3.x-dev/core/Http.php#L289

So, we are hard limited to max 1.1?

Commifreak commented 1 year ago

Ah - no. This was for fopen. curl part does not set any HTTP-Version. sorry for confusion