mystery cookie being sent in the header

[dustinm]

I am attempting to retrieve an Oauth 2.0 token. About half the time it works fine. Then, seemingly randomly, I start getting Error 400 bad request returned. This is my request

Code: Select all

http_setCCSIDs(1208: 0);                    
http_debug(*ON);                            
http_xproc( HTTP_POINT_ADDL_HEADER : *NULL);
authparms = 'grant_type=client_credentials&client_id='+   
   %trim(facid)+'&client_secret='+%trim(facsec);          
if http_req('POST'                                        
                    : %trim(faurl1)+'/oauth2/v3/token'    
                    : *omit                               
                    : RSP                                 
                    : *omit                               
                    : %trim(authparms)                    
                    : 'application/x-www-form-urlencoded') <> 1
     errmsg = http_error(errno:result);
 endif;              

The response I am getting is:

Code: Select all

{"fault":{"faultstring":"OASValidation OpenAPI-Spec-Validation-OAuth2 with resource \"oas:\/\/oauth2-3_0_2.yaml\": failed with reason: \"[ERROR - cookie parameter is unexpected : NSC_fnbt-bqj-dbu: [], ERROR - cookie parameter is unexpected: $Path: [], ERROR - cookie parameter is unexpected : $Version: []]\"","detail":{"errorcode":"steps.oasvalidation.Failed"}}} 

This lead me to look at httpapi_debug.txt and there is a cookie header being sent that I am never specifying. It is only there when the request fails.

Code: Select all

There are 1 cookies in the cache                                                           
POST /oauth2/v3/token HTTP/1.1                                                             
Host: api-cat.usps.com                                                                     
User-Agent: http-api/1.45                                                                  
Content-Type: application/x-www-form-urlencoded                                            
Content-Length: 103                                                                        
Cookie: $Version=0; NSC_fnbt-bqj-dbu=ffffffff3b449a5145525d5f4f58455e445a4a42378b; $Path=/;

Where is this coming from and how do I get rid of it?

[Scott Klement]

Where is this coming from and how do I get rid of it?

When a prior request to the same host sent a cookie, HTTPAPI will automatically send it back on the next request (unless the cookie has expired.) This is a normal part of the HTTP standard. By default, HTTPAPI only 'remembers' and resends cookies until the activation group ends.

If you want to disable cookies completely, code this near the beginning of your program (anywhere before you make HTTP requests):

Code: Select all

http_use_cookies(*OFF);

[dustinm]

Is the cookie being sent to me from the server and then HTTPAPI is sending it back? I'm just not sure where it originated from, I'm not using cookies at all. That would make sense if it's originating from the server I'm calling.

At any rate, http_use_cookies(*OFF) seems to have fixed my issue and it works since I don't want to use them anyway. Thank you!

[Scott Klement]

Is the cookie being sent to me from the server and then HTTPAPI is sending it back?

Yes.