Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

POST request to security advisories API gets 404 error #1309

Closed
GuySartorelli opened this issue May 26, 2022 · 4 comments
Closed

POST request to security advisories API gets 404 error #1309

GuySartorelli opened this issue May 26, 2022 · 4 comments

Comments

@GuySartorelli
Copy link

A GET request to https://packagist.org/api/security-advisories/ works exactly as expected, but a POST request gets a 404 error.
It looks like the API should support POST requests, even if it's not documented in the apidoc.

I want to send a POST request because any GET request with too many packages fails (gets a 502 error, most likely hitting the limit of characters that can be included in get vars). Even a project with a fairly modest number of packages can't currently request advisories for all of its packages in a single request, and I'd rather not spam the API with lots of requests for a single project's package list.
@GuySartorelli GuySartorelli changed the title POST request to security advisories gets 404 error POST request to security advisories API gets 404 error May 26, 2022
@GuySartorelli GuySartorelli mentioned this issue May 26, 2022
Closed
@glaubinix
Copy link
Contributor

@GuySartorelli can you show how you trigger the POST request? This should definitely work, see for example curl -X POST -F 'packages[]=symfony/http-foundation' https://packagist.org/api/security-advisories/

@GuySartorelli
Copy link
Author

GuySartorelli commented May 26, 2022
edited

Yup. The code I'm using is in composer/composer#10798 - I'll include the relevant parts here for convenience:

use Composer\Factory;

$opts = [
    'retry-auth-failure' => false,
    'http' => [
        'method' => 'POST',
        'header' => array('Content-Type: application/json'),
        'content' => json_encode(['packages' => $packageNames]),
    ],
];

// `$this` in this context is a command
$composer = $this->getComposer(true);
$httpDownloader = Factory::createHttpDownloader($this->getIO(), $composer->getConfig());
$response = $httpDownloader->get('https://packagist.org/api/security-advisories', $opts);

Sounds like there's probably something wrong with my code rather than something wrong with packagist though.

@glaubinix
Copy link
Contributor

Two things:

  • You are missing a slash at the end of the URL which causes the 404
  • Packagist currently doesn't check and decodes the body content for package names so using application/json won't work

The below code should work:

$response = $httpDownloader->get('https://packagist.org/api/security-advisories/', [
    'retry-auth-failure' => false,
    'http' => [
        'method' => 'POST',
        'header' => array('Content-type: application/x-www-form-urlencoded'),
        'content' => http_build_query(['packages' => ['symfony/http-foundation']]),
    ],
]);

@GuySartorelli
Copy link
Author

GuySartorelli commented May 26, 2022
edited

Huh. I wouldn't have expected a trailing slash being ommitted would cause a 404... but there ya go haha. Thank you very much!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@glaubinix @GuySartorelli