HTTParty Get a 403 When Other Rest Clients Succeed

StackOverflow https://stackoverflow.com/questions/19306915

  •  30-06-2022
  •  | 
  •  

Question

I'm attempting to create a resource using a post and HTTParty. The endpoint requires that a username and password are included as headers. Using a rest client extension for chrome, the post goes through fine, but when I attempt the same thing with HTTParty, I get a 403 Forbidden. I've compared the resulting requests in details and they seem to be identical.

My HTTParty post:

response = HTTParty.post(OpenIdm.end_point + extension_create,
        headers: {'X-OpenIDM-Username' => "<USERNAME>", 'X-OpenIDM-Password' => "<PASSWORD>"},  
        body: payload_hash.to_json 
    )

It's a fairly straightforward post request, and I've tried this directly with Ruby's Net::HTTP class as well as with another gem, RestClient. In all cases, I get a 403 while other methods of posting (those not using ruby) run fine. How could this work fine in other places but not work in Ruby?

Update:

Here is the debug output from the post:

opening connection to <HOST>...
opened
<- "POST /openidm/managed/user/234acbef-c501-4dbb-9501-b1dd45411928 HTTP/1.1\r\nX-Openidm-Username: <USERNAME>\r\nX-Openidm-Password: <PASSWORD>\r\nConnection: close\r\nHost: <HOST>.com:8080\r\n\r\n"

-> "HTTP/1.1 403 Forbidden\r\n"

-> "Set-Cookie: JSESSIONID=1mfz68wywh1jg1l3m04dprt0eu;Path=/\r\n"

-> "Expires: Thu, 01 Jan 1970 00:00:00 GMT\r\n"

-> "Content-Type: application/json; charset=UTF-8\r\n"

-> "Date: Fri, 11 Oct 2013 13:02:47 GMT\r\n"

-> "Accept-Ranges: bytes\r\n"

-> "Server: Restlet-Framework/2.0.15\r\n"

-> "Connection: close\r\n"

-> "\r\n"
reading all...

-> "{\"error\":403,\"reason\":\"Forbidden\",\"message\":\"Access denied\"}"

read 60 bytes

Conn close

{"error"=>403, "reason"=>"Forbidden", "message"=>"Access denied"}
Was it helpful?

Solution

It would seem this may be an issue with how Net::HTTP handles headers. I've tried the curb gem and everything works fine with this. The only disadvantage is the added dependency on curl. For those curious, here's the work-around:

http = Curl.post("<HOST>/openidm/managed/user/e9d105c0-14a5-0131-0eab-10ddb19e6b69", json 
    do |http|
        http.headers['X-OpenIDM-Username'] = '<USERNAME>'
        http.headers['X-OpenIDM-Password'] = '<PASSWORD>'
    end
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top