Project

General

Profile

[Solved] POST request redirected to GET request

Added by finn@lesueur.nz 25 days ago

Kia ora, thanks again for the great webserver. It's been rock solid since I migrated from Apache and got help with my config last time.

At the moment I am trying to write a webapp which receives some data to a webhook via a POST request, and I am finding that the POST request is redirected (or rewritten, I'm unclear on that) to a GET request. The problem being is that the POST body content gets lost on that redirect, and I need a way to retain it. I figure that should be achieved by fixing this redirect.

Lighttpd Version

root@webserver:/etc/lighttpd# lighttpd -v
lighttpd/1.4.59 (ssl) - a light and fast webserver

System Configuration

I am running a Linode Nanode VPS.

system info:
  Distro......: Ubuntu 21.04
  Kernel......: Linux 5.11.0-25-generic

  Uptime......: up 4 weeks, 2 days, 7 hours, 45 minutes
  Load........: 0.00 (1m), 0.00 (5m), 0.00 (15m)
  Processes...: 130 (root), 17 (user), 147 (total)

  CPU.........: AMD EPYC 7601 32-Core Processor (1 vCPU)
  Memory......: 236Mi used, 479Mi avail, 972Mi total

Lighttpd Configuration

I have attached the full configuration. It has a bunch of vhost configurations but the one I am battling with is this chunk here:

$HTTP["host"] =~ "(^|.)fitlytics.lesueur.nz$" {
    # block 12
    server.document-root    = "/srv/fitlytics.lesueur.nz/public/" 
    url.rewrite-if-not-file = (
        "\.(?:js|ico|gif|jpg|jpeg|png|css|ttf)$" => "",
        ".*"                                     => "/index.php/$0",
        # 2
    )
    ssl.privkey             = "/etc/letsencrypt/live/fitlytics.lesueur.nz/privkey.pem" 
    ssl.pemfile             = "/etc/letsencrypt/live/fitlytics.lesueur.nz/fullchain.pem" 

} # end of $HTTP["host"] =~ "(^|.)fitlytics.lesueur.nz$" 

I also suspect it has to do something with this block here where I am trying to rewrite to HTTPS:

$HTTP["scheme"] == "http" {
    # block 5
    url.rewrite = (
        "" => "https://${url.authority}${url.path}${qsa}",
    )

} # end of $HTTP["scheme"] == "http" 

Now, if I make a request like this to the server:

curl --location --request POST 'https://fitlytics.lesueur.nz/api/webhook/strava' \
--header 'Content-Type: application/json' \
--data-raw '{
    "aspect_type": "update",
    "event_time": 1516126040,
    "object_id": 1360128428,
    "object_type": "activity",
    "owner_id": 134815,
    "subscription_id": 120475,
    "updates": {
        "title": "Messy" 
    }
}'

I see these lines in my access log:

49.50.210.157 fitlytics.lesueur.nz:443 - [26/Aug/2021:18:00:13 +1200] "POST /api/webhook/strava HTTP/1.1" 302 434 "-" "PostmanRuntime/7.28.3" 
49.50.210.157 fitlytics.lesueur.nz:443 - [26/Aug/2021:18:00:13 +1200] "GET /api/webhook/strava HTTP/1.1" 200 16874 "https://fitlytics.lesueur.nz/api/webhook/strava" "PostmanRuntime/7.28.3" 

And with the help of the debugging variables I can see this:

2021-08-26 17:43:48: connections.c.800) fd: 12 request-len: 713\nPOST /api/webhook/strava HTTP/1.1\r\nContent-Type: application/json\r\nUser-Agent: PostmanRuntime/7.28.3\r\nAccept: */*\r\nCache-Control: no-cache\r\nPostman-Token: 23796683-1da4-4aaa-aa59-79a674306e77\r\nHost: fitlytics.lesueur.nz\r\nAccept-Encoding: gzip, deflate, br\r\nConnection: keep-alive\r\nContent-Length: 225\r\nCookie: XSRF-TOKEN=eyJpdiI6IlBQVEdYMlFtMUN2KzRrcVRBMXJaSmc9PSIsInZhbHVlIjoicG13VzcxN2Zxa25IRDRHbTByQjNyM3A2aUNFYnBVaEVUTEtBOHpTaHJEdExJbG4yUXM4V1h4ZGdIY1VnSjFmNUFwc0xYM1MwUW40dEZjdVgxOUlteDhOY1NqUVhOQVZqNFFpSVhLTm1XVUFuUnFwMVJ2aGdnWkhQTUFLb3I5WnIiLCJtYWMiOiIxOGQ3ZjJhZjRmMGM3ZWI4MzNlMjA5M2Q3ODlkZWNhNDA3ZGFkODkzZDQwNTBiNWJhYTViN2I1NmZiNmZlZDFiIn0%3D; laravel_session=W2T98R1YnPi8hAexagLxCh45j4pzYHI0ogaB3XoT\r\n\r\n
2021-08-26 17:43:48: response.c.398) -- parsed Request-URI
2021-08-26 17:43:48: response.c.400) Request-URI     : /api/webhook/strava
2021-08-26 17:43:48: response.c.402) URI-scheme      : https
2021-08-26 17:43:48: response.c.404) URI-authority   : fitlytics.lesueur.nz
2021-08-26 17:43:48: response.c.406) URI-path (clean): /api/webhook/strava
2021-08-26 17:43:48: response.c.408) URI-query       :
2021-08-26 17:43:48: mod_access.c.139) -- mod_access_uri_handler called
2021-08-26 17:43:48: response.c.519) -- before doc_root
2021-08-26 17:43:48: response.c.521) Doc-Root     : /srv/fitlytics.lesueur.nz/public/
2021-08-26 17:43:48: response.c.523) Rel-Path     : /api/webhook/strava
2021-08-26 17:43:48: response.c.525) Path         : /srv/adventurelog.nz/public/index.php
2021-08-26 17:43:48: response.c.558) -- after doc_root
2021-08-26 17:43:48: response.c.560) Doc-Root     : /srv/fitlytics.lesueur.nz/public/
2021-08-26 17:43:48: response.c.562) Rel-Path     : /api/webhook/strava
2021-08-26 17:43:48: response.c.564) Path         : /srv/fitlytics.lesueur.nz/public/api/webhook/strava
2021-08-26 17:43:48: response.c.398) -- parsed Request-URI
2021-08-26 17:43:48: response.c.400) Request-URI     : /index.php/api/webhook/strava
2021-08-26 17:43:48: response.c.402) URI-scheme      : https
2021-08-26 17:43:48: response.c.404) URI-authority   : fitlytics.lesueur.nz
2021-08-26 17:43:48: response.c.406) URI-path (clean): /index.php/api/webhook/strava
2021-08-26 17:43:48: response.c.408) URI-query       :
2021-08-26 17:43:48: mod_access.c.139) -- mod_access_uri_handler called
2021-08-26 17:43:48: response.c.519) -- before doc_root
2021-08-26 17:43:48: response.c.521) Doc-Root     : /srv/fitlytics.lesueur.nz/public/
2021-08-26 17:43:48: response.c.523) Rel-Path     : /index.php/api/webhook/strava
2021-08-26 17:43:48: response.c.525) Path         : /srv/fitlytics.lesueur.nz/public/api/webhook/strava
2021-08-26 17:43:48: response.c.558) -- after doc_root
2021-08-26 17:43:48: response.c.560) Doc-Root     : /srv/fitlytics.lesueur.nz/public/
2021-08-26 17:43:48: response.c.562) Rel-Path     : /index.php/api/webhook/strava
2021-08-26 17:43:48: response.c.564) Path         : /srv/fitlytics.lesueur.nz/public/index.php/api/webhook/strava
2021-08-26 17:43:48: response.c.579) -- logical -> physical
2021-08-26 17:43:48: response.c.581) Doc-Root     : /srv/fitlytics.lesueur.nz/public/
2021-08-26 17:43:48: response.c.583) Basedir      : /srv/fitlytics.lesueur.nz/public/
2021-08-26 17:43:48: response.c.585) Rel-Path     : /index.php/api/webhook/strava
2021-08-26 17:43:48: response.c.587) Path         : /srv/fitlytics.lesueur.nz/public/index.php/api/webhook/strava
2021-08-26 17:43:48: response.c.602) -- handling physical path
2021-08-26 17:43:48: response.c.604) Path         : /srv/fitlytics.lesueur.nz/public/index.php/api/webhook/strava
2021-08-26 17:43:48: response.c.612) -- handling subrequest
2021-08-26 17:43:48: response.c.614) Path         : /srv/fitlytics.lesueur.nz/public/index.php
2021-08-26 17:43:48: response.c.616) URI          : /index.php
2021-08-26 17:43:48: response.c.618) Pathinfo     : /api/webhook/strava
2021-08-26 17:43:48: mod_access.c.139) -- mod_access_uri_handler called
2021-08-26 17:43:48: gw_backend.c.2571) handling it in mod_gw
2021-08-26 17:43:48: response.c.158) Response-Header:\nHTTP/1.1 302 Found\r\nCache-Control: private\r\nDate: Thu, 26 Aug 2021 05:43:48 GMT\r\nLocation: https://fitlytics.lesueur.nz/api/webhook/strava\r\nX-Streams-Distribution: PyroCMS-v3.8\r\nContent-Type: text/html; charset=UTF-8\r\nSet-Cookie: session_proxy=eyJpdiI6ImtFSUNnbnRRUlpxSExTZHEvUzBOUmc9PSIsInZhbHVlIjoiaWNLTUY0OUFId2NlQ2hLcC9NcEdack54M25lNE1vYUMzUmgrUzAySjhFdDdQZHdUOHRYSTZaN2xGKzJNcGo1UiIsIm1hYyI6ImQyOTE0M2ZhNWFiNzI2MzQxMjE4ZTk4ZGQ5OGNhNmM0NTU0ZmE2ZWIxYWMwNTIxNzI5Yzc0NWNjZDU4OTUxY2EifQ%3D%3D; expires=Thu, 26-Aug-2021 05:42:48 GMT; Max-Age=0; path=/; secure; httponly\r\nSet-Cookie: laravel_session=W2T98R1YnPi8hAexagLxCh45j4pzYHI0ogaB3XoT; expires=Fri, 26-Aug-2022 05:43:48 GMT; Max-Age=31536000; path=/; httponly\r\nContent-Length: 434\r\nServer: lighttpd/1.4.59\r\n\r\n
2021-08-26 17:43:48: connections.c.800) fd: 12 request-len: 717\nGET /api/webhook/strava HTTP/1.1\r\nUser-Agent: PostmanRuntime/7.28.3\r\nAccept: */*\r\nCache-Control: no-cache\r\nPostman-Token: 23796683-1da4-4aaa-aa59-79a674306e77\r\nAccept-Encoding: gzip, deflate, br\r\nConnection: keep-alive\r\nCookie: XSRF-TOKEN=eyJpdiI6IlBQVEdYMlFtMUN2KzRrcVRBMXJaSmc9PSIsInZhbHVlIjoicG13VzcxN2Zxa25IRDRHbTByQjNyM3A2aUNFYnBVaEVUTEtBOHpTaHJEdExJbG4yUXM4V1h4ZGdIY1VnSjFmNUFwc0xYM1MwUW40dEZjdVgxOUlteDhOY1NqUVhOQVZqNFFpSVhLTm1XVUFuUnFwMVJ2aGdnWkhQTUFLb3I5WnIiLCJtYWMiOiIxOGQ3ZjJhZjRmMGM3ZWI4MzNlMjA5M2Q3ODlkZWNhNDA3ZGFkODkzZDQwNTBiNWJhYTViN2I1NmZiNmZlZDFiIn0%3D; laravel_session=W2T98R1YnPi8hAexagLxCh45j4pzYHI0ogaB3XoT\r\nReferer: https://fitlytics.lesueur.nz/api/webhook/strava\r\nHost: fitlytics.lesueur.nz\r\n\r\n
2021-08-26 17:43:48: response.c.398) -- parsed Request-URI
2021-08-26 17:43:48: response.c.400) Request-URI     : /api/webhook/strava
2021-08-26 17:43:48: response.c.402) URI-scheme      : https
2021-08-26 17:43:48: response.c.404) URI-authority   : fitlytics.lesueur.nz
2021-08-26 17:43:48: response.c.406) URI-path (clean): /api/webhook/strava
2021-08-26 17:43:48: response.c.408) URI-query       :
2021-08-26 17:43:48: mod_access.c.139) -- mod_access_uri_handler called
2021-08-26 17:43:48: response.c.519) -- before doc_root
2021-08-26 17:43:48: response.c.521) Doc-Root     : /srv/fitlytics.lesueur.nz/public/
2021-08-26 17:43:48: response.c.523) Rel-Path     : /api/webhook/strava
2021-08-26 17:43:48: response.c.525) Path         : /srv/fitlytics.lesueur.nz/public/index.php
2021-08-26 17:43:48: response.c.558) -- after doc_root
2021-08-26 17:43:48: response.c.560) Doc-Root     : /srv/fitlytics.lesueur.nz/public/
2021-08-26 17:43:48: response.c.562) Rel-Path     : /api/webhook/strava
2021-08-26 17:43:48: response.c.564) Path         : /srv/fitlytics.lesueur.nz/public/api/webhook/strava
2021-08-26 17:43:48: response.c.398) -- parsed Request-URI
2021-08-26 17:43:48: response.c.400) Request-URI     : /index.php/api/webhook/strava
2021-08-26 17:43:48: response.c.402) URI-scheme      : https
2021-08-26 17:43:48: response.c.404) URI-authority   : fitlytics.lesueur.nz
2021-08-26 17:43:48: response.c.406) URI-path (clean): /index.php/api/webhook/strava
2021-08-26 17:43:48: response.c.408) URI-query       :
2021-08-26 17:43:48: mod_access.c.139) -- mod_access_uri_handler called
2021-08-26 17:43:48: response.c.519) -- before doc_root
2021-08-26 17:43:48: response.c.521) Doc-Root     : /srv/fitlytics.lesueur.nz/public/
2021-08-26 17:43:48: response.c.523) Rel-Path     : /index.php/api/webhook/strava
2021-08-26 17:43:48: response.c.525) Path         : /srv/fitlytics.lesueur.nz/public/api/webhook/strava
2021-08-26 17:43:48: response.c.558) -- after doc_root
2021-08-26 17:43:48: response.c.560) Doc-Root     : /srv/fitlytics.lesueur.nz/public/
2021-08-26 17:43:48: response.c.562) Rel-Path     : /index.php/api/webhook/strava
2021-08-26 17:43:48: response.c.564) Path         : /srv/fitlytics.lesueur.nz/public/index.php/api/webhook/strava
2021-08-26 17:43:48: response.c.579) -- logical -> physical
2021-08-26 17:43:48: response.c.581) Doc-Root     : /srv/fitlytics.lesueur.nz/public/
2021-08-26 17:43:48: response.c.583) Basedir      : /srv/fitlytics.lesueur.nz/public/
2021-08-26 17:43:48: response.c.585) Rel-Path     : /index.php/api/webhook/strava
2021-08-26 17:43:48: response.c.587) Path         : /srv/fitlytics.lesueur.nz/public/index.php/api/webhook/strava
2021-08-26 17:43:48: response.c.602) -- handling physical path
2021-08-26 17:43:48: response.c.604) Path         : /srv/fitlytics.lesueur.nz/public/index.php/api/webhook/strava
2021-08-26 17:43:48: response.c.612) -- handling subrequest
2021-08-26 17:43:48: response.c.614) Path         : /srv/fitlytics.lesueur.nz/public/index.php
2021-08-26 17:43:48: response.c.616) URI          : /index.php
2021-08-26 17:43:48: response.c.618) Pathinfo     : /api/webhook/strava
2021-08-26 17:43:48: mod_access.c.139) -- mod_access_uri_handler called
2021-08-26 17:43:48: gw_backend.c.2571) handling it in mod_gw
2021-08-26 17:43:48: response.c.158) Response-Header:\nHTTP/1.1 200 OK\r\nContent-type: text/html; charset=UTF-8\r\nContent-Length: 16878\r\nDate: Thu, 26 Aug 2021 05:43:48 GMT\r\nServer: lighttpd/1.4.59\r\n\r\n
...skipping...
2021-08-26 18:01:00: response.c.585) Rel-Path     : /index.php
2021-08-26 18:01:00: response.c.581) Doc-Root     : /srv/adventurelog.nz/public/
2021-08-26 18:01:00: response.c.583) Basedir      : /srv/adventurelog.nz/public/
2021-08-26 18:01:00: response.c.585) Rel-Path     : /index.php
2021-08-26 18:01:00: response.c.587) Path         : /srv/adventurelog.nz/public/index.php
2021-08-26 18:01:00: response.c.602) -- handling physical path
2021-08-26 18:01:00: response.c.604) Path         : /srv/adventurelog.nz/public/index.php
2021-08-26 18:01:00: response.c.612) -- handling subrequest
2021-08-26 18:01:00: response.c.614) Path         : /srv/adventurelog.nz/public/index.php
2021-08-26 18:01:00: response.c.616) URI          : /index.php
2021-08-26 18:01:00: response.c.618) Pathinfo     : /api/webhook/strava
2021-08-26 18:01:00: mod_access.c.139) -- mod_access_uri_handler called
2021-08-26 18:01:00: gw_backend.c.2571) handling it in mod_gw
2021-08-26 18:01:00: response.c.158) Response-Header:\nHTTP/1.1 500 Internal Server Error\r\nCache-Control: no-cache, public, s-maxage=0\r\ndate: Thu, 26 Aug 2021 06:01:00 GMT\r\nX-Streams-Distribution: PyroCMS-v3.7\r\nContent-Type: text/html; charset=UTF-8\r\nSet-Cookie: XSRF-TOKEN=eyJpdiI6IlpZOEN0VVBFb3ViNUtvUk5lTVBJTWc9PSIsInZhbHVlIjoiNVR1TnRqQUlJaDVBUk5mcis2NUtrZWlCaHVSUXdjK1NkZGd0dGZwWVV3TEFnYnJnSUtSQ0JUcnVQSHowOEFROCIsIm1hYyI6IjYzOGRjNWQwY2FkOWM1ZWRkMGQzOTIzYmY1MTVlNTA0YzUwZTRkMjQ2NzQwOWI2OTk2MDI0ZDcyM2E1OGM3YzUifQ%3D%3D; expires=Thu, 26-Aug-2021 08:01:00 GMT; Max-Age=7200; path=/\r\nSet-Cookie: session_proxy=eyJpdiI6IkFpeFhPSFdVY1hVZEZhMnYzdkU0S3c9PSIsInZhbHVlIjoiWHBuMisxRUErOHpEbDhabXY1dlR1dz09IiwibWFjIjoiZWFjNmUzMzVkYWU0NTlkZDg4MjZlOGJlNzkxYTQ2MzAwNmYyODNlZTA2MDEzZmQ1MzU3OTQwMzk3Njk5OTc3OSJ9; expires=Thu, 26-Aug-2021 06:00:00 GMT; Max-Age=0; path=/; secure; httponly\r\nSet-Cookie: laravel_session=Ru2AKrjmM3GSlINR6S5CvLUpzckhtyG39O0qKAyX; expires=Thu, 26-Aug-2021 08:01:00 GMT; Max-Age=7200; path=/; httponly\r\nContent-Length: 3897\r\nServer:
lighttpd/1.4.59\r\n\r\n

Thank you for your input and I'm open to being told I'm thinking about this the wrong way around.

Finn :)


Replies (4)

RE: POST request redirected to GET request - Added by gstrauss 25 days ago

$HTTP["scheme"] == "http" {
    url.rewrite = (  # INCORRECT?
        "" => "https://${url.authority}${url.path}${qsa}",
    )
}

Did you find that in an example somewhere? That looks like a mistake: it should be url.redirect, not url.rewrite:

$HTTP["scheme"] == "http" {
    url.redirect = (
        "" => "https://${url.authority}${url.path}${qsa}",
    )
    url.redirect-code = 308
}

As for redirecting POST to GET, that is proper behavior from the browser unless you specify that other behavior is desired.
See status codes 307 and 308, described at https://developer.mozilla.org/en-US/docs/Web/HTTP/Status

RE: POST request redirected to GET request - Added by finn@lesueur.nz 25 days ago

Ah, I think I was seeing if rewrite had any effect. I've made that change back to url.redirect and am using url.redirect-code = 308. I have re-attached my lighttpd.conf. Thanks for pointing out the correct 3xx code - I hadn't seen 308 before. I need to become a little more familiar with them.

For some reason I'm not getting a 308 redirect in my logs yet - I've definitely restarted the service too.

curl --request POST 'https://fitlytics.lesueur.nz/api/webhook/strava' \
                                --header 'Content-Type: application/json' \
                                --header 'Content-Length: 225' \
                                --header 'Cookie: XSRF-TOKEN=eyJpdiI6ImVxRVFsb1BoRXJzNnEzWG5ibjBvSGc9PSIsInZhbHVlIjoiVWZrbUhWVHE5U0JqVytHRW1GczhnaHd2STU0L3Y1V2ltdHdYV2tVbkFjMmZHUnl4RWJnbkt1RldyNm5TUUpXRXIrbE5JekY1cVZwZUlORC9vRXI4b3N5bkI5U1IwQWlsNklGTG9qdG4yZ2hxZW9DS0pZQlVqVnNIbmRVTU5PbUwiLCJtYWMiOiIwOWZmOTcyNWIxYjRhYzQ0NjE5MThkY2FmNDJmNGI4Zjg3ZmM3M2U5M2ZmZTA5Y2Q3Y2ZjMWJkNDYzMzVmYTg3In0%3D; laravel_session=1sUZXx54mL6BiMflglCWnUlqw4gTJQHp2v3y0cBU; remember_web_59ba36addc2b2f9401580f014c7f58ea4e30989d=eyJpdiI6ImZ0d0x5elFiOVJtNkplN2IzSzFaaFE9PSIsInZhbHVlIjoiNWM3dThKMkxqMUMxYk9uQ0xMMFNIVkJQWlpieTZqMWp1OHpjVmJjZG9JdGZYZktESmpLTXlpUlZyWDV0NDd1UnVBYWw4UEJlNXNaai9KVlBpQzhyV2haNEEyNk5lVUxtSDNCaDVqOStFKytnOHVMV2JCVHFXRWpFbndLMmQwajRHcFZrNnp5dHhzUnY1QW9OUmVobGFsdEJpMHRyZGZqT1NhRkZNV3djdFdiUkY2bnlKUldPaWFlMEVtRGxybTBCZHJmaGNzL0lIN1hFQ3dHVks2bjhMYlJqTlk2QytGT3RVZlJ3SzNvWGpnaz0iLCJtYWMiOiI5NTA0MWRhYmZlNzMxYmNmNzU1MzgxMjgwODkzODQ1MzIyMDQ1OGY1NjUzOGFhNDc1MTAwMmU5ZjZjZTNjZWVkIn0%3D; session_proxy=eyJpdiI6ImFFZzVBbHVKcTdBcG0rKzNPd1JvcXc9PSIsInZhbHVlIjoiNVlieDdtY01zTGpVbHFRTFlMdFBsNWNvYkFERDJ4UzloUkFqVVM3MDAwMjZWQWxRWXdwMWtyQ3Nmbzhxc0pFVyIsIm1hYyI6ImNhZjA1YjQ5MGRkMzJjNmMxZDczMzY1MmU2MzA5NGZhY2YzM2U2MGRhZGQ3ZDExODY0ODIzODc5ZWFmZTg5MjIifQ%3D%3D' \
                                --data-raw '{
                                "aspect_type": "update",
                                "event_time": 1516126040,
                                "object_id": 1360128428,
                                "object_type": "activity",
                                "owner_id": 134815,
                                "subscription_id": 120475,
                                "updates": {
                                    "title": "Messy" 
                                }
                            }' --verbose --location
Note: Unnecessary use of -X or --request, POST is already inferred.
*   Trying 172.105.169.195...
* TCP_NODELAY set
* Connected to fitlytics.lesueur.nz (172.105.169.195) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=fitlytics.lesueur.nz
*  start date: Jun 29 09:59:04 2021 GMT
*  expire date: Sep 27 09:59:03 2021 GMT
*  subjectAltName: host "fitlytics.lesueur.nz" matched cert's "fitlytics.lesueur.nz" 
*  issuer: C=US; O=Let's Encrypt; CN=R3
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x7fe29780ca00)
> POST /api/webhook/strava HTTP/2
> Host: fitlytics.lesueur.nz
> User-Agent: curl/7.64.1
> Accept: */*
> Content-Type: application/json
> Content-Length: 225
> Cookie: XSRF-TOKEN=eyJpdiI6ImVxRVFsb1BoRXJzNnEzWG5ibjBvSGc9PSIsInZhbHVlIjoiVWZrbUhWVHE5U0JqVytHRW1GczhnaHd2STU0L3Y1V2ltdHdYV2tVbkFjMmZHUnl4RWJnbkt1RldyNm5TUUpXRXIrbE5JekY1cVZwZUlORC9vRXI4b3N5bkI5U1IwQWlsNklGTG9qdG4yZ2hxZW9DS0pZQlVqVnNIbmRVTU5PbUwiLCJtYWMiOiIwOWZmOTcyNWIxYjRhYzQ0NjE5MThkY2FmNDJmNGI4Zjg3ZmM3M2U5M2ZmZTA5Y2Q3Y2ZjMWJkNDYzMzVmYTg3In0%3D; laravel_session=1sUZXx54mL6BiMflglCWnUlqw4gTJQHp2v3y0cBU; remember_web_59ba36addc2b2f9401580f014c7f58ea4e30989d=eyJpdiI6ImZ0d0x5elFiOVJtNkplN2IzSzFaaFE9PSIsInZhbHVlIjoiNWM3dThKMkxqMUMxYk9uQ0xMMFNIVkJQWlpieTZqMWp1OHpjVmJjZG9JdGZYZktESmpLTXlpUlZyWDV0NDd1UnVBYWw4UEJlNXNaai9KVlBpQzhyV2haNEEyNk5lVUxtSDNCaDVqOStFKytnOHVMV2JCVHFXRWpFbndLMmQwajRHcFZrNnp5dHhzUnY1QW9OUmVobGFsdEJpMHRyZGZqT1NhRkZNV3djdFdiUkY2bnlKUldPaWFlMEVtRGxybTBCZHJmaGNzL0lIN1hFQ3dHVks2bjhMYlJqTlk2QytGT3RVZlJ3SzNvWGpnaz0iLCJtYWMiOiI5NTA0MWRhYmZlNzMxYmNmNzU1MzgxMjgwODkzODQ1MzIyMDQ1OGY1NjUzOGFhNDc1MTAwMmU5ZjZjZTNjZWVkIn0%3D; session_proxy=eyJpdiI6ImFFZzVBbHVKcTdBcG0rKzNPd1JvcXc9PSIsInZhbHVlIjoiNVlieDdtY01zTGpVbHFRTFlMdFBsNWNvYkFERDJ4UzloUkFqVVM3MDAwMjZWQWxRWXdwMWtyQ3Nmbzhxc0pFVyIsIm1hYyI6ImNhZjA1YjQ5MGRkMzJjNmMxZDczMzY1MmU2MzA5NGZhY2YzM2U2MGRhZGQ3ZDExODY0ODIzODc5ZWFmZTg5MjIifQ%3D%3D
>
* Connection state changed (MAX_CONCURRENT_STREAMS == 8)!
* We are completely uploaded and fine
< HTTP/2 302
< cache-control: no-cache, private
< date: Thu, 26 Aug 2021 22:34:04 GMT
< location: https://fitlytics.lesueur.nz/api/webhook/strava
< x-streams-distribution: PyroCMS-v3.8
< content-type: text/html; charset=UTF-8
< set-cookie: session_proxy=eyJpdiI6IlpjMFdyK0RjNnhtY2pOeXJGcHFGUEE9PSIsInZhbHVlIjoibjd5SGxlVzA4bEl1Sy95Slp4Y3NhOE1PdE5ObkF0OWV1dlFSSzBEWjRNSmlMakNVSkcrSkt5V3lWRXZMUzcraiIsIm1hYyI6ImQ4N2YxZjM4YzgyZjEwMWZhZWVlNWUyZTE0MjE2ODY5MDU1NDA1OWYwZDAxMDAxNjA5NzI0ZDY0YTA0MjdlZGUifQ%3D%3D; expires=Fri, 26-Aug-2022 22:34:04 GMT; Max-Age=31536000; path=/; secure; httponly
< set-cookie: laravel_session=1sUZXx54mL6BiMflglCWnUlqw4gTJQHp2v3y0cBU; expires=Fri, 26-Aug-2022 22:34:04 GMT; Max-Age=31536000; path=/; httponly
< content-length: 434
< server: lighttpd/1.4.59
<
* Ignoring the response-body
* Connection #0 to host fitlytics.lesueur.nz left intact
* Issue another request to this URL: 'https://fitlytics.lesueur.nz/api/webhook/strava'
* Switch from POST to GET
* Found bundle for host fitlytics.lesueur.nz: 0x7fe296606550 [can multiplex]
* Re-using existing connection! (#0) with host fitlytics.lesueur.nz
* Connected to fitlytics.lesueur.nz (172.105.169.195) port 443 (#0)
* Using Stream ID: 3 (easy handle 0x7fe29780ca00)
> POST /api/webhook/strava HTTP/2
> Host: fitlytics.lesueur.nz
> User-Agent: curl/7.64.1
> Accept: */*
> Content-Type: application/json
> Content-Length: 225
> Cookie: XSRF-TOKEN=eyJpdiI6ImVxRVFsb1BoRXJzNnEzWG5ibjBvSGc9PSIsInZhbHVlIjoiVWZrbUhWVHE5U0JqVytHRW1GczhnaHd2STU0L3Y1V2ltdHdYV2tVbkFjMmZHUnl4RWJnbkt1RldyNm5TUUpXRXIrbE5JekY1cVZwZUlORC9vRXI4b3N5bkI5U1IwQWlsNklGTG9qdG4yZ2hxZW9DS0pZQlVqVnNIbmRVTU5PbUwiLCJtYWMiOiIwOWZmOTcyNWIxYjRhYzQ0NjE5MThkY2FmNDJmNGI4Zjg3ZmM3M2U5M2ZmZTA5Y2Q3Y2ZjMWJkNDYzMzVmYTg3In0%3D; laravel_session=1sUZXx54mL6BiMflglCWnUlqw4gTJQHp2v3y0cBU; remember_web_59ba36addc2b2f9401580f014c7f58ea4e30989d=eyJpdiI6ImZ0d0x5elFiOVJtNkplN2IzSzFaaFE9PSIsInZhbHVlIjoiNWM3dThKMkxqMUMxYk9uQ0xMMFNIVkJQWlpieTZqMWp1OHpjVmJjZG9JdGZYZktESmpLTXlpUlZyWDV0NDd1UnVBYWw4UEJlNXNaai9KVlBpQzhyV2haNEEyNk5lVUxtSDNCaDVqOStFKytnOHVMV2JCVHFXRWpFbndLMmQwajRHcFZrNnp5dHhzUnY1QW9OUmVobGFsdEJpMHRyZGZqT1NhRkZNV3djdFdiUkY2bnlKUldPaWFlMEVtRGxybTBCZHJmaGNzL0lIN1hFQ3dHVks2bjhMYlJqTlk2QytGT3RVZlJ3SzNvWGpnaz0iLCJtYWMiOiI5NTA0MWRhYmZlNzMxYmNmNzU1MzgxMjgwODkzODQ1MzIyMDQ1OGY1NjUzOGFhNDc1MTAwMmU5ZjZjZTNjZWVkIn0%3D; session_proxy=eyJpdiI6ImFFZzVBbHVKcTdBcG0rKzNPd1JvcXc9PSIsInZhbHVlIjoiNVlieDdtY01zTGpVbHFRTFlMdFBsNWNvYkFERDJ4UzloUkFqVVM3MDAwMjZWQWxRWXdwMWtyQ3Nmbzhxc0pFVyIsIm1hYyI6ImNhZjA1YjQ5MGRkMzJjNmMxZDczMzY1MmU2MzA5NGZhY2YzM2U2MGRhZGQ3ZDExODY0ODIzODc5ZWFmZTg5MjIifQ%3D%3D
>
* HTTP/2 stream 0 was not closed cleanly: INTERNAL_ERROR (err 2)
* stopped the pause stream!
* Connection #0 to host fitlytics.lesueur.nz left intact
curl: (92) HTTP/2 stream 0 was not closed cleanly: INTERNAL_ERROR (err 2)
* Closing connection 0

I'll keep trying, and thinking!

RE: POST request redirected to GET request - Added by gstrauss 24 days ago

I'll keep trying, and thinking!

I think you need to try a bit harder.

For some reason I'm not getting a 308 redirect in my logs yet - I've definitely restarted the service too.

curl --request POST 'https://fitlytics.lesueur.nz/api/webhook/strava' ...

If you make an https request, then the scheme is https, not http.

The redirect you posted must come from your backend, which adds set-cookie, as lighttpd does not generate set-cookie in your lighttpd.conf

RE: POST request redirected to GET request - Added by finn@lesueur.nz 18 days ago

Alright - that makes total sense. Consider this an errant and now closed bug report. I appreciate your help and apologies for the actually not-related bug report! I'll know to look for this in future.

Mā te wā,
Finn

    (1-4/4)