[Libwebsockets] http 403

Kun Zhao kzhdev at gmail.com
Fri Mar 22 00:21:38 CET 2019


Aha, set i.origin = NULL solved the issue.

Thanks,
Kun

On Thu, Mar 21, 2019 at 6:18 PM Kun Zhao <kzhdev at gmail.com> wrote:

> Is there a way to tell lws not to send origin?
>
> On Thu, Mar 21, 2019 at 4:12 PM Andy Green <andy at warmcat.com> wrote:
>
>>
>>
>> On 22/03/2019 05:06, Kun Zhao wrote:
>>
>> > But why curl works? There must be something different in the headers
>> > libwebsockets sent out.
>>
>>   - Curl doesn't send origin as you can see from your logs.
>>
>>   - The minimal example asks lws to send origin by default because
>> that's what other servers demand to see.
>>
>>   - the server in this case has a policy to 403 anyone that either sends
>> origin that isn't exactly what it wants or who sends any origin header
>> (which is a perfectly valid thing to send in http).
>>
>> -Andy
>>
>> > On Thu, Mar 21, 2019 at 3:52 PM Andy Green <andy at warmcat.com
>> > <mailto:andy at warmcat.com>> wrote:
>> >
>> >
>> >
>> >     On 22/03/2019 01:59, Kun Zhao wrote:
>> >      > Hi Andy,
>> >      >
>> >      > I'm trying to get a JSON from
>> >     https://www.bitmex.com/api/v1/instrument
>> >      > REST API. I tried my own libwebsockets app and
>> >      > libwebsockets_test_client, both of them are failed with 403.
>> >     However, I
>> >      > can use curl to get the JSON without any problems. How do I
>> >     figure out
>> >      > what is wrong with libwebsockets?
>> >
>> >     Something "wrong with libwebsockets", eh.
>> >
>> >      > Attached are the detailed log of curl and
>> libwebsockets_test_client.
>> >      > Hopefully, that will give you more information.
>> >
>> >     I did this to the minimal http client (and gave it --h1)
>> >
>> >     diff --git
>> >
>>  a/minimal-examples/http-client/minimal-http-client/minimal-http-client.c
>> >
>> >
>>  b/minimal-examples/http-client/minimal-http-client/minimal-http-client.c
>> >     index d8ce24212..202eb3264 100644
>> >     ---
>> >
>>  a/minimal-examples/http-client/minimal-http-client/minimal-http-client.c
>> >     +++
>> >
>>  b/minimal-examples/http-client/minimal-http-client/minimal-http-client.c
>> >     @@ -155,7 +155,7 @@ int main(int argc, const char **argv)
>> >                       i.ssl_connection |= LCCSCF_ALLOW_SELFSIGNED;
>> >               } else {
>> >                       i.port = 443;
>> >     -               i.address = "warmcat.com <http://warmcat.com>";
>> >     +               i.address = "www.bitmex.com <http://www.bitmex.com
>> >";
>> >               }
>> >
>> >               if (lws_cmdline_option(argc, argv, "--h1"))
>> >     @@ -164,9 +164,9 @@ int main(int argc, const char **argv)
>> >               if ((p = lws_cmdline_option(argc, argv, "-p")))
>> >                       i.port = atoi(p);
>> >
>> >     -       i.path = "/";
>> >     +       i.path = "/api/v1/instrument/active";
>> >               i.host = i.address;
>> >     -       i.origin = i.address;
>> >     +//     i.origin = i.address;
>> >               i.method = "GET";
>> >
>> >               i.protocol = protocols[0].name;
>> >
>> >     I tried a few thiongs for origin but it seems that server just
>> rejects
>> >     any request with origin header.
>> >
>> >     https://tools.ietf.org/html/rfc6454#section-7
>> >
>> >     Other servers require it... anyway there's nothing "wrong with
>> >     libwebsockets", your request must comply with whatever policy the
>> >     server
>> >     has decided to implement.  In this case, apparently, "don't send me
>> >     origin or you will get a 403".
>> >
>> >     -Andy
>> >
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://libwebsockets.org/pipermail/libwebsockets/attachments/20190321/3c2daabc/attachment.html>


More information about the Libwebsockets mailing list