plausible / analytics

Simple, open source, lightweight (< 1 KB) and privacy-friendly web analytics alternative to Google Analytics.
https://plausible.io
GNU Affero General Public License v3.0

The curl sample in https://plausible.io/docs/events-api returns 400 status code. #1805

Closed andyj2022 closed 2 years ago

andyj2022 commented 2 years ago

Past Issues Searched

Issue is a Bug Report

Using official Plausible Cloud hosting or self-hosting?

Plausible Cloud from plausible.io

Describe the bug

The curl sample in https://plausible.io/docs/events-api returns 400 status code.

curl -i -X POST https://plausible.io/api/event -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36 OPR/71.0.3770.284' -H 'X-Forwarded-For: 127.0.0.1' -H 'Content-Type: application/json' --data '{"name":"pageview","url":"https://plausible.io","domain":"plausible.io","screen_width":1666}'

Returns 400 error "Bad Request".

Making any POST /api/event test from any browser (Chrome, Firefox), it always returns a CORS error, and it seems to be produced because "access-control-allow-headers" from "plausible.io" does not allow sending "X-Forwarded-For":

access-control-allow-headers: Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-Modified-Since,X-CSRF-Token

Expected behavior

Return ok status code.

Screenshots

No response

Environment

- OS: Ubuntu 20.04
- Browser: Firefox, Chrome
- Browser Version: Latest.

ukutaht commented 2 years ago

Not for me. Any idea how I could replicate your problem?

➜  analytics git:(master) curl -i -X POST https://plausible.io/api/event -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36 OPR/71.0.3770.284' -H 'X-Forwarded-For: 127.0.0.1' -H 'Content-Type: application/json' --data '{"name":"pageview","url":"https://plausible.io","domain":"plausible.io","screen_width":1666}'
HTTP/2 202 
date: Tue, 29 Mar 2022 10:08:31 GMT
content-type: text/plain; charset=utf-8
content-length: 2
server: BunnyCDN-SE1-725
cdn-pullzone: 682664
cdn-uid: 153cb5b1-399a-48ef-b5bf-098c03770254
cdn-requestcountrycode: EE
access-control-allow-credentials: true
access-control-allow-origin: *
cache-control: must-revalidate, max-age=0, private
permissions-policy: interest-cohort=()
x-request-id: FuDSIw9tTU50Gq2xJPkD
cdn-proxyver: 1.02
cdn-requestpullsuccess: True
cdn-requestpullcode: 202
cdn-cachedat: 03/29/2022 10:08:31
cdn-edgestorageid: 725
cdn-status: 202
cdn-requestid: 2d91c3c7d381ce25ac4bc59a241e870b

ok% 

andyj2022 commented 2 years ago

Sorry. I was using the wrong version of 'curl' on an Ubuntu virtual machine. To top it off, in the browser tests I was manually setting 'User-Agent' and 'X-Forwarded-For', which is prohibited.

ukutaht commented 2 years ago

No worries :)

MichaelOrpheo commented 1 year ago

I am having the exact same issue, but I am using the Flutter plugin plausible_analytics 0.3.0.

The plugin is setting the X-Forwarded-For header to 127.0.0.1, which seems to be causing the error. The issue is happening with Chrome and Firefox, but not Safari.

It seems that this CORS error is only happening when the browser is sending an OPTIONS request. I tried the curl command mentioned above and it worked.

I think that Safari is not sending OPTIONS requests, which is also the case for the curl command, and I think that's why it's working.

Am I missing something, or is there an error on the plausible.io cloud side?

ukutaht commented 1 year ago

Isn't Flutter a framework for mobile apps? I haven't heard of Flutter apps running in browsers.

What Content-Type does the Flutter plugin send?

MichaelOrpheo commented 1 year ago

Flutter is also used to build web apps. It's what I am using here.

The plugin is setting these headers:

If I remove the X-Forwarded-For header, it's working fine but I am not sure it's the right solution.

ukutaht commented 1 year ago

Content-Type to application/json; charset=utf-8

Try changing the content-type to text/plain. That's what we do in the official client to avoid OPTIONS request.
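
The preflight behaviour discussed in this thread can be checked offline with the sketch below. It is an added example, not code from Plausible or from the Flutter plugin. It is a simplified model of the browser's CORS rules for a POST request, and the function names and the three sample header sets are assumptions made for illustration.

```javascript
// Added example: simplified model of the browser's CORS preflight decision
// for a cross-origin POST. Not modelled: header value length/byte limits,
// the "*" wildcard, and Access-Control-Allow-Methods.
const SAFE_HEADERS = new Set(["accept", "accept-language", "content-language"]);
const SAFE_CONTENT_TYPES = new Set([
  "application/x-www-form-urlencoded", "multipart/form-data", "text/plain",
]);

// Header names that force an OPTIONS preflight (lower-cased, sorted).
function unsafeHeaderNames(headers) {
  const names = [];
  for (const [rawName, value] of Object.entries(headers)) {
    const name = rawName.toLowerCase();
    if (SAFE_HEADERS.has(name)) continue;
    if (name === "content-type") {
      // Only the media type counts; parameters such as charset are ignored.
      const essence = String(value).split(";")[0].trim().toLowerCase();
      if (SAFE_CONTENT_TYPES.has(essence)) continue;
    }
    names.push(name);
  }
  return names.sort();
}

// Decide whether a POST is preflighted and which headers the server's
// Access-Control-Allow-Headers value would reject.
function checkCorsPost(headers, allowHeadersValue) {
  const unsafe = unsafeHeaderNames(headers);
  const preflight = unsafe.length > 0;
  const allowed = new Set(
    allowHeadersValue.split(",").map((h) => h.trim().toLowerCase())
  );
  const rejected = unsafe.filter((h) => !allowed.has(h));
  return { preflight, rejected, blocked: rejected.length > 0 };
}

// Access-Control-Allow-Headers value quoted in the issue.
const ALLOW_HEADERS = "Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-Modified-Since,X-CSRF-Token";

// Constructed header sets for the three cases discussed in the thread.
const cases = {
  jsonWithXff: { "Content-Type": "application/json; charset=utf-8", "X-Forwarded-For": "127.0.0.1" },
  jsonOnly: { "Content-Type": "application/json; charset=utf-8" },
  textPlain: { "Content-Type": "text/plain" },
};
for (const [label, headers] of Object.entries(cases)) {
  console.log(label, JSON.stringify(checkCorsPost(headers, ALLOW_HEADERS)));
}
```

With the allow-list quoted in the issue, only the request carrying X-Forwarded-For is blocked; application/json alone is preflighted but accepted, and text/plain triggers no preflight at all.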