Lowercase put when using request triggers nginx error

[dglozic]

I am puzzled with an error I am getting. It is something like this:

const undiciOptions = {
   headers: {
      "Authorization": "Bearer ' + token,
      "Accept": "application/json"
  }
};

request("https://localhost:9442/path/to/user/profile", undiciOptions).
   then((response) => {
   	if (response.statusCode !== 200) {
		response.body.dump().then(() => {
			throw Error("Unexpected status code");
		});
	}
	return response.body.json();
   })
   .then((result) => {
      if (!_compareTokenClaimsAndResult(token, result)) {
         // token claims do not match user profile - align them on the fly
         const putOptions = {
            headers: undiciOptions.headers
            method: "put"
         };
         request("https://localhost:9442/path/to/user/profile/reload", putOptions);
         ...

The code above does the following:

1. Use request to fetch a user profile (standard stuff).
2. Compare JWT token claims and the specific properties of the user profile.
3. If they are out of sync, turn around and make another request (this time PUT) to 'trigger' the endpoint to copy the properties form the bearer token and align the profile.

As for the URL, note that the endpoint I am calling are proxied through nginx running at port 9442. Both nginx, the calling
service and the target service are in localhost.

This should work fine but unfortunately the second request fails in nginx with a 400:

2023/04/17 14:48:42 [info] 36173#0: *119 client sent invalid method while reading client request line, client: 127.0.0.1, server: 127.0.0.1:9442, request: "put /v2/user_profiles/[email protected]/reload HTTP/1.1"

I am at a loss to explain why this fails. The only thing I can come up with is that some reuse of sockets/keepalive/SSL handshake is messing up nginx here. Most of the entries in StackOverflow imply some kind of SSL handshake error. Note that I am using default global dispatcher for both calls.

[dglozic]

Oh it cannot be - so I managed to recreate the problem exactly using the following code:

/**
 * Licensed Materials - Property of IBM
 * (c) Copyright IBM Corporation 2016. All Rights Reserved.
 *
 * Note to U.S. Government Users Restricted Rights:
 * Use, duplication or disclosure restricted by GSA ADP Schedule
 * Contract with IBM Corp.
 */
"use strict";

const {
	undiciRequest: request
} = require("@dap/portal-common-clients");

function testUndici() {
	const token = process.env.TOKEN;
	if (!token) {
		exit("Missing token - exiting");
		return;
	}

	const undiciOptions = {
		headers: {
			"Authorization": "Bearer " + token
		},
		json: true,
		url: "https://localhost:9442/v2/user_profiles/[email protected]",
		rejectUnauthorized: false
	};

	request(undiciOptions, (err, response, result) => {
		if (err) {
			exit("Error detected: " + err.message);
			return;
		}
		if (response.statusCode !== 200) {
			exit("Unexpected status code: " + response.statusCode + ", " + result);
			return;
		}
		console.log("Response from user profile: " + JSON.stringify(result));

		// Making a put
		const putOptions = {
			headers: undiciOptions.headers,
			json: true,
			url: "https://localhost:9442/v2/user_profiles/[email protected]/reload",
			method: "put",
			rejectUnauthorized: false
		};
		request(putOptions, (err2, response2, result2) => {
			if (err2) {
				exit("Error detected from put: " + err2.message);
				return;
			}
			if (response2.statusCode !== 200) {
				exit("Unexpected status code from put: " + response2.statusCode + ", " + result2);
				return;
			}
			console.log("Response from reload profile: " + JSON.stringify(result2));
			exit();
		});
	});
}

function exit(message) {
	if (message) {
		console.log(message);
	}
	// eslint-disable-next-line no-process-exit
	process.exit(message ? 1 : 0);
}

testUndici();

Turns out it works fine if I set the method to "PUT" but not if it is "put". Is it possible that undici request is case-sensitive for method values :-)?

[dglozic]

Resolving this discussion as I filed an issue: #2079