HTTP limitations? (DEF-3410) (SOLVED)

Ah, gotcha! Ok, we’ll have to wait for an engine fix. If there’s no side-effects of increasing that array then it’s released in a weeks time (1.2.135).

1 Like

Released in 1.2.135

1 Like

Hey, got back from my vacation and tried it out.

Unfortunately I am still having issues, but this time not with the length of the URL.

After playing around I am seeing errors from the REST API endpoint that are consistent with an incorrect auth key being passed in the URL (unlike before, it was a malformed/short one). From what I can see, this indicates that Defold might be doing some encoding of its own to the URL. Is there any way you can verify this? Thanks!

EDIT: When using Postman Echo, it does appear that the auth token passed IS correct. So my hypothesis on what is causing the issue is likely incorrect.

A sample URL:

https://triggered-d1327.firebaseio.com/user_saves/X4Rj7Jht8EfLVJWgOLOW6Lg5hbs1/base_64_encoded_save.json?auth=eyJhbGciOiJSUzI1NiIsImtpZCI6IjBmNTVkZWZlOWU5YzU2ZmRhZTRkOGY0MDFjZjQ5Njc4YzE2N2MzYWEifQ.eyJpc3MiOiJodHRwczovL3NlY3VyZXRva2VuLmdvb2dsZS5jb20vdHJpZ2dlcmVkLWQxMzI3IiwibmFtZSI6IkpvbmF0aGFuIEhhcnJpcyIsInBpY3R1cmUiOiJodHRwczovL2dyYXBoLmZhY2Vib29rLmNvbS8xMDE1NjM2ODg0NTY3NTQzNS9waWN0dXJlIiwiYXVkIjoidHJpZ2dlcmVkLWQxMzI3IiwiYXV0aF90aW1lIjoxNTM2ODU4ODgyLCJ1c2VyX2lkIjoiWDRSajdKaHQ4RWZMVkpXZ09MT1c2TGc1aGJzMSIsInN1YiI6Ilg0Umo3Smh0OEVmTFZKV2dPTE9XNkxnNWhiczEiLCJpYXQiOjE1MzY4NTg4ODIsImV4cCI6MTUzNjg2MjQ4MiwiZmlyZWJhc2UiOnsiaWRlbnRpdGllcyI6eyJmYWNlYm9vay5jb20iOlsiMTAxNTYzNjg4NDU2NzU0MzUiXX0sInNpZ25faW5fcHJvdmlkZXIiOiJmYWNlYm9vay5jb20ifX0.gGneHgLHPuTMY3QaUiz4EYQpHYsNVt87YZz6V1S2D9sPM4IWrsmxA-Skuj5JzZbvHLT_4l4uwQ5IYtz0Wq7CYpkmzA2veac9lU6rt-LYprNwtsISRutznhk54eicoFOteBuKnRIgkmn4PLaApjYkoriu0krKCBwqs8KWInXw0XMsc0eXyPRzPIrdnpm7Pv-bpxbAjb-8XmQr50ZnxIHpulK5B7XQrJ-xmbyNLRLUAO_arl2augNFnQ_DTiAqMUX_whc0EjZxQWCQZdlfJ2YppEiDN0bwq9lfjgr-UN4xB9pKTb0FEFf8rJJwlugEvqolFW87YjNTKDhPSM7ldHb02A

This should give a response of the data at the location, in Postman (or just in a browser) I will see:

"some sdfsdfdfdf"

In Defold I would see:

"Unable to validate signature."

The auth key will expire, so I can generate new URLs if and when you want to check this.

1 Like

We do not encode the URL in any way. That is up to you as a developer to take care of. But in this case it shouldn’t be needed. Can you share the token validation code? What could potential cause it to not be able to validate it?

1 Like

Hmm, when I paste the token here: https://jwt.io/ it also says “Invalid Signature”. Not sure if that is relevant or not…

1 Like

The token itself is fine.

If you paste this URL into a browser:

https://triggered-d1327.firebaseio.com/user_saves/X4Rj7Jht8EfLVJWgOLOW6Lg5hbs1/base_64_encoded_save.json?auth=eyJhbGciOiJSUzI1NiIsImtpZCI6IjBmNTVkZWZlOWU5YzU2ZmRhZTRkOGY0MDFjZjQ5Njc4YzE2N2MzYWEifQ.eyJpc3MiOiJodHRwczovL3NlY3VyZXRva2VuLmdvb2dsZS5jb20vdHJpZ2dlcmVkLWQxMzI3IiwibmFtZSI6IkpvbmF0aGFuIEhhcnJpcyIsInBpY3R1cmUiOiJodHRwczovL2dyYXBoLmZhY2Vib29rLmNvbS8xMDE1NjM2ODg0NTY3NTQzNS9waWN0dXJlIiwiYXVkIjoidHJpZ2dlcmVkLWQxMzI3IiwiYXV0aF90aW1lIjoxNTM2OTIzNjgyLCJ1c2VyX2lkIjoiWDRSajdKaHQ4RWZMVkpXZ09MT1c2TGc1aGJzMSIsInN1YiI6Ilg0Umo3Smh0OEVmTFZKV2dPTE9XNkxnNWhiczEiLCJpYXQiOjE1MzY5MjM2ODIsImV4cCI6MTUzNjkyNzI4MiwiZmlyZWJhc2UiOnsiaWRlbnRpdGllcyI6eyJmYWNlYm9vay5jb20iOlsiMTAxNTYzNjg4NDU2NzU0MzUiXX0sInNpZ25faW5fcHJvdmlkZXIiOiJmYWNlYm9vay5jb20ifX0.n_n2e6RWBpZq0vlPYUl5kOfgneEG3Ud4VaI9BhoU2JDXOjqbbqrqRDx3t7_ArT_XRUrp81m9LnnhmSzq9hef01LCAqKLEj6kzSnPpKu6jcbMWcHR6zNxpsjYK2kQGoxQ05_EqIE09HBYa2ELpzwXym3LCBRNWYV0ylyfcyN4-CY_dCjNdB-e9r_yzmCQ74Atp5Id-LN5U0uuegeBTO4oYs4wAEY9q0UBZOLuAAub8lN-GNcEBOZF0_00lAPgi2N8Ertlw8nmuSy2_aVF8JyNKLexyiGdEjNqg-DpbJ-AhAYwMUOKN_Tyixo9qUgWeYQevYJEVntIjGv_IAs0B6HWAg

You will get a response, which is the data at the location.

If you make this call in Defold, you will get a different response - that’s the problem.

Using the following code:

local url = "https://triggered-d1327.firebaseio.com/user_saves/X4Rj7Jht8EfLVJWgOLOW6Lg5hbs1/base_64_encoded_save.json?auth=eyJhbGciOiJSUzI1NiIsImtpZCI6IjBmNTVkZWZlOWU5YzU2ZmRhZTRkOGY0MDFjZjQ5Njc4YzE2N2MzYWEifQ.eyJpc3MiOiJodHRwczovL3NlY3VyZXRva2VuLmdvb2dsZS5jb20vdHJpZ2dlcmVkLWQxMzI3IiwibmFtZSI6IkpvbmF0aGFuIEhhcnJpcyIsInBpY3R1cmUiOiJodHRwczovL2dyYXBoLmZhY2Vib29rLmNvbS8xMDE1NjM2ODg0NTY3NTQzNS9waWN0dXJlIiwiYXVkIjoidHJpZ2dlcmVkLWQxMzI3IiwiYXV0aF90aW1lIjoxNTM2OTIzNjgyLCJ1c2VyX2lkIjoiWDRSajdKaHQ4RWZMVkpXZ09MT1c2TGc1aGJzMSIsInN1YiI6Ilg0Umo3Smh0OEVmTFZKV2dPTE9XNkxnNWhiczEiLCJpYXQiOjE1MzY5MjM2ODIsImV4cCI6MTUzNjkyNzI4MiwiZmlyZWJhc2UiOnsiaWRlbnRpdGllcyI6eyJmYWNlYm9vay5jb20iOlsiMTAxNTYzNjg4NDU2NzU0MzUiXX0sInNpZ25faW5fcHJvdmlkZXIiOiJmYWNlYm9vay5jb20ifX0.n_n2e6RWBpZq0vlPYUl5kOfgneEG3Ud4VaI9BhoU2JDXOjqbbqrqRDx3t7_ArT_XRUrp81m9LnnhmSzq9hef01LCAqKLEj6kzSnPpKu6jcbMWcHR6zNxpsjYK2kQGoxQ05_EqIE09HBYa2ELpzwXym3LCBRNWYV0ylyfcyN4-CY_dCjNdB-e9r_yzmCQ74Atp5Id-LN5U0uuegeBTO4oYs4wAEY9q0UBZOLuAAub8lN-GNcEBOZF0_00lAPgi2N8Ertlw8nmuSy2_aVF8JyNKLexyiGdEjNqg-DpbJ-AhAYwMUOKN_Tyixo9qUgWeYQevYJEVntIjGv_IAs0B6HWAg"
http.request(url, "GET", function(self,id,response)
	pprint(response)
end)

gives the following response:

{
  status = 401,
  response = {
  "error" : "Unable to validate signature."
}
,
  headers = {
    server = nginx,
    strict-transport-security = max-age=31556926; includeSubDomains; preload,
    content-type = application/json; charset=utf-8,
    connection = keep-alive,
    content-length = 48,
    cache-control = no-cache,
    date = Fri, 14 Sep 2018 11:18:16 GMT,
    access-control-allow-origin = *,
  }
}
1 Like

Yes, I’ve tested this myself and seen the same thing. Not really sure what could be wrong. I’ll try to figure it out.

2 Likes

Thanks, I’ll continue to experiment myself and keep this thread updated with my findings.

Also, I should have said that I think the token is fine. It could very well be part of the problem.

Using https://jwt.io however gives me a good result with:

eyJhbGciOiJSUzI1NiIsImtpZCI6IjBmNTVkZWZlOWU5YzU2ZmRhZTRkOGY0MDFjZjQ5Njc4YzE2N2MzYWEifQ.eyJpc3MiOiJodHRwczovL3NlY3VyZXRva2VuLmdvb2dsZS5jb20vdHJpZ2dlcmVkLWQxMzI3IiwibmFtZSI6IkpvbmF0aGFuIEhhcnJpcyIsInBpY3R1cmUiOiJodHRwczovL2dyYXBoLmZhY2Vib29rLmNvbS8xMDE1NjM2ODg0NTY3NTQzNS9waWN0dXJlIiwiYXVkIjoidHJpZ2dlcmVkLWQxMzI3IiwiYXV0aF90aW1lIjoxNTM2OTIzNjgyLCJ1c2VyX2lkIjoiWDRSajdKaHQ4RWZMVkpXZ09MT1c2TGc1aGJzMSIsInN1YiI6Ilg0Umo3Smh0OEVmTFZKV2dPTE9XNkxnNWhiczEiLCJpYXQiOjE1MzY5MjM2ODIsImV4cCI6MTUzNjkyNzI4MiwiZmlyZWJhc2UiOnsiaWRlbnRpdGllcyI6eyJmYWNlYm9vay5jb20iOlsiMTAxNTYzNjg4NDU2NzU0MzUiXX0sInNpZ25faW5fcHJvdmlkZXIiOiJmYWNlYm9vay5jb20ifX0.n_n2e6RWBpZq0vlPYUl5kOfgneEG3Ud4VaI9BhoU2JDXOjqbbqrqRDx3t7_ArT_XRUrp81m9LnnhmSzq9hef01LCAqKLEj6kzSnPpKu6jcbMWcHR6zNxpsjYK2kQGoxQ05_EqIE09HBYa2ELpzwXym3LCBRNWYV0ylyfcyN4-CY_dCjNdB-e9r_yzmCQ74Atp5Id-LN5U0uuegeBTO4oYs4wAEY9q0UBZOLuAAub8lN-GNcEBOZF0_00lAPgi2N8Ertlw8nmuSy2_aVF8JyNKLexyiGdEjNqg-DpbJ-AhAYwMUOKN_Tyixo9qUgWeYQevYJEVntIjGv_IAs0B6HWAg

EDIT: Just noticed the invalid signature part you mentioned, whoops… maybe this leads somewhere.
EDIT2: Which makes sense… there’s no public key. Still stumped…

If I bundle as HTML, it works - so it would seem that something happening in the engine with the HTTP request. I still don’t have any clues for you however. If you continue to test with that URL, you would expect token expired/permission denied response - we want to avoid the ‘unable to validate…’ response.

Ok, so it works from a browser… hmm… that’s a clue at least. The http.request function has a different implementation on HTML5.

Is there anything you can share me regarding the implementation of the http requests so I might be able to figure out what’s going on?

No not really I’m afraid. I’ve been stuck working on another thing. I’ll look into this soon, most likely on Wednesday.

1 Like

OK thanks.

Created a new ticket to track this issue: DEF-3494

2 Likes

FYI: The fix should be released with 1.2.137 on Monday.

3 Likes

Oh awesome. I guess you figured it out then :). Anything interesting?

1 Like

Fixed in Defold 1.2.137

3 Likes