Cannot test event verify because an unspecified Content-Type is expected
This is for twitch-cli version 1.1.5:
$ twitch version
twitch-cli/1.1.5
I am trying to run the event verify-subscription command and this is the result:
$ twitch event verify-subscription subscribe -F https://xxxxxxxx/test -s dfsion43jdghjyt5mry
✔ Valid response. Received challenge 7d099bf4-d1eb-5c99-5c00-6bd94c5016aa in body
✗ Invalid content-type header. Received type
✔ Valid status code. Received status 200
For the Content-Type header field I've tried supplying text/plain, text/html, and application/json, but they are all being rejected. For example:
$ twitch event verify-subscription subscribe -F https://xxxxxxxx/test -s dfsion43jdghjyt5mry
✔ Valid response. Received challenge 43b22ef8-c3f8-4777-4266-1339655c7dcf in body
✗ Invalid content-type header. Received type text/html; charset=UTF-8
✔ Valid status code. Received status 200
No matter what I put in that field it will be rejected. The docs make no mention of needing to specify the Content-Type and I can't think of what it should even conceivably be given text/plain and text/html are not valid, so I'm stuck.
Note: Apparently the charset is not supposed to be included in the Content-Type but the Twitch CLI complains about that regardless of me including it.
This C code:
char *challenge = get_challenge_from_request();
char response[256] = {0};
/* The status line and headers below are exactly 64 bytes long. */
memcpy(response, "HTTP/1.1 200 OK\r\nContent-Length: 36\r\nContent-Type: text/html\r\n\r\n", 64);
/* Append the 36-byte challenge as the response body. */
memcpy(response + 64, challenge, 36);
write(socketfd, response, strlen(response));
Produces this output:
$ twitch event verify-subscription subscribe -F https://xxxxxx/test -s dfsion43jdghjyt5mry
✔ Valid response. Received challenge 7087e388-ff86-e86e-2763-dc3beb3aa02c in body
✗ Invalid content-type header. Received type text/html; charset=utf-8
✔ Valid status code. Received status 200
The Twitch CLI is adding the charset. I don't know why.
A quick search of the codebase
https://github.com/twitchdev/twitch-cli/search?q=utf-8&type=code
shows no reference to utf-8 exists in the codebase.
The CLI doesn't add headers, it only reports the headers.
See also
And follow the Go code back: it only reports the headers that your server returns, it does not modify them.
After much digging and thinking I figured out that it was Cloudflare adding the charset to the Content-Type header.
While this was my fault, it would have been nice to receive an error message that actually makes sense.
When it's not DNS it's Cloudflare! :-D
You can always submit a PR to modify/expand the error reporting!
Reopening as this is a good bug report; should be something we catch.
I removed Cloudflare from the equation and fired up ngrok. This still doesn't work. The charset isn't being added now but I get the same error.
$ twitch event verify-subscription subscribe -F https://732e-216-252-208-243.ngrok.io -s dfsion43jdghjyt5mry
✔ Valid response. Received challenge 5ff89c27-aa8a-86f9-7e34-f720c338470d in body
✗ Invalid content-type header. Received type text/html
✔ Valid status code. Received status 200
What am I missing here?
Is there some documentation I missed that explains this Content-Type requirement?
text/plain is expected since you are only returning a string (the challenge).
You are not returning <html><head></head><body>thechallenge</body></html>
It's not noted in the EventSub documentation as this is more "web 101'y" on describing the content the HTTP request returns.
I was using text/html as per your recommendation on the Twitch discussion board:
Verify needs 200 + the challenge in plain HTML
I don't know how else to interpret that other than to be using HTML. It didn't make sense but neither do the error messages I'm getting.
I've changed the type to text/plain which is now working through ngrok.
That was a contradictory typo on my part.
Should have read
You could (in error) conceivably return the signature as JSON in error with a JSON header, when it should be plain text. So it’s a “make sure the dev didn’t make a mistake”
Verify needs 200 + the challenge in plain text
Have corrected the post.
Hi,
The utf-8 header is mandatory and cannot be avoided on any Express-based server (expressjs/express#3490); this was added some time ago to prevent a vulnerability that was found.
Would it be possible to make the CLI work without returning an Invalid content-type header error? There's no way to prevent my app from adding this header to the response.
thanks!
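The check requested in the thread, sketched as an added example (not part of the thread and not twitch-cli's own code): it compares only the media type, so a charset parameter appended by a proxy or framework is tolerated, and each rejection names the expected type. The function name, constant and sample headers are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"mime"
	"strings"
)

// expectedType is the media type the thread says a challenge response should use.
const expectedType = "text/plain"

// checkChallengeContentType is a hypothetical helper, not twitch-cli code.
// It parses the header and compares the media type only, ignoring parameters
// such as charset, and returns an error that says what was expected.
func checkChallengeContentType(header string) error {
	if strings.TrimSpace(header) == "" {
		return fmt.Errorf("missing Content-Type header, expected %s", expectedType)
	}
	// ParseMediaType lowercases the type and splits off "; key=value" parameters.
	mediaType, _, err := mime.ParseMediaType(header)
	if err != nil {
		return fmt.Errorf("malformed Content-Type %q (%v), expected %s", header, err, expectedType)
	}
	if mediaType != expectedType {
		return fmt.Errorf("unexpected Content-Type %q, expected %s", mediaType, expectedType)
	}
	return nil
}

func main() {
	// Constructed sample headers, modelled on the values reported in the thread.
	samples := []string{
		"",
		"text/html",
		"text/html; charset=UTF-8",
		"text/plain",
		"text/plain; charset=utf-8",
	}
	for _, h := range samples {
		if err := checkChallengeContentType(h); err != nil {
			fmt.Printf("✗ Invalid content-type header: %v\n", err)
			continue
		}
		fmt.Printf("✔ Valid content-type header. Received type %s\n", h)
	}
}
```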