Api.twitch.tv/helix returning 403 "bad request" from cloudfront when sent empty content body when content-type is application/json

Any request with an empty content body and content-type application/json returns a 403 from cloudfront. This likely happens due to cloudfront trying and failing to parse the json. This change occurred recently 1-2 weeks ago. If this is suppose to happen then great. It is still a change in the api and I saw no recent annoucements about it

What specifically is the request you’re making?

There have been some recent changes that have impacted people sending a body (even if it’s an empty body) on a GET request and it causing issues, and that’s because sending a body with a GET request is non-standard. So make sure the requests you are sending conform to the specification as if you’re sending malformed requests (eg, a body on a get request) then that’s an issue on your end.

What specifically has been changed? Also running into this issue getting cloudflare’s 403 from both Get Users and Get Ads Schedule endpoints. A body is not being sent with the request and both types are x-www-form-urlencoded, what gives?

Both of these endpoints are GET endpoints

There shouldn’t be a Body sent by you to the server

But you stated there is one by declaring a content-type of x-www-form-urlencoded

So do not send a content-type header with a get request

But you stated there is a body and the body is of type x-www-form-urlencoded doesn’t matter that a body wasn’t included, as you technically caused an error by saying there is a body then didn’t send one

I have been banging my head against this for a week and didn’t realize I could omit the content type, thank you. (Was losing my shit trying different methods!)

EDIT: Omitted content type, still getting 403. CURL is working fine so back to head banging. :sleepy:

Hehe well for clarity:

header notes
Accept hey server I’m expecting content of this type (any sort of request)
Content-Type hey server I’m sending you content of this type (generally POST/PATCH/PUT)

Whats the body message?

And/or what does your code look like?

(DEBUG) GET USERS: → Lookup request for user twitch
(DEBUG) GET USERS: API ENDPOINT https://api.twitch.tv/helix/users
(DEBUG) GET USERS: SET HEADER Client-Id
(DEBUG) GET USERS: SET HEADER Authorization Bearer
(DEBUG) GET USERS: SET METHOD: GET
(DEBUG) GET USERS: FETCHED https://api.twitch.tv/helix/users?login=twitch
GET USERS

ERROR: The request could not be satisfied

403 ERROR

The request could not be satisfied.


Bad request. We can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner.
If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation.

Generated by cloudfront (CloudFront)
Request ID: 1SEp7yz5fCitWUy6FKYKqVd0uTJkBBE8vGYrgbkdA7qcOITkNoPGbg==
GET USERS 403 GET USERS Forbidden

What about the code making the call

and the actual request made? In case whatever it doing these DEBUG messages is adding something it shouldn’t