wrong Content-Type set on login request

[tbcs]

Description

Login request submits JSON in body but sets Content-Type to text/plain.

Steps to reproduce

• extract release tarball of riot-web and open index.html in browser
• (optional) on the login screen switch to custom server https://localhost
• open the browser's web console to observe riot-web network traffic
• enter any username and password
• click on "Sign In" button to trigger login request
• observe POST request to /_matrix/client/r0/login with JSON body being sent to home server with Content-Type text/plain

Expected behavior: login request is sent with Content-Type application/json.

Requests to other paths might suffer from the same issue; I have only tested the login URL.

This is a regression that was introduced somewhere between v0.11.4 and v0.12.0-rc.1.

Version information

• Platform: web
• Browser: Firefox v57.0.2
• OS: Debian GNU/Linux 9.1
• URL: localhost (loaded index.html straight from extracted release tarball)
• Version (broken): 0.12.0-rc.1 and newer (latest verified 0.13.3)
• Version (OK): 0.11.4 and older

Example login request with v0.12.0-rc.1

POST https://localhost/_matrix/client/r0/login?
Host: localhost
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
Content-Length: 202
Content-Type: text/plain;charset=UTF-8
Origin: null
Connection: keep-alive

{"type":"m.login.password","password":"f","identifier":{"type":"m.id.user","user":"f"},"initial_device_display_name":"file:///home/tibi/src/riot-v0.12.0-rc.1/index.html via Firefox on Linux","user":"f"}

Example login request with v0.11.4

POST https://localhost/_matrix/client/r0/login?
Host: localhost
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
content-type: application/json
Content-Length: 197
Origin: null
Connection: keep-alive

{"type":"m.login.password","password":"f","identifier":{"type":"m.id.user","user":"f"},"initial_device_display_name":"file:///home/tibi/src/riot-v0.11.4/index.html via Firefox on Linux","user":"f"}

[tbcs]

The offending commit seems to be cc85181, which updates the matrix-js-sdk dependency from v0.7.13 to v0.8.0. Should I close this issue and reopen it in the js-sdk project instead?

[lampholder]

Here's probably a good place to track it - @lukebarnard1 any idea what's going on?

[lukebarnard1]

It'd be worth checking the dependencies that changed in the new versions of js-sdk and react-sdk. It's possible that the HTTP request wrapper library we're using changed it's content-type.

Interestingly, the diff on package.json for matrix-js-sdk shows:

   "dependencies": {
     "another-json": "^0.2.0",
+    "bluebird": "^3.5.0",
     "browser-request": "^0.3.3",
-    "q": "^1.4.1",
+    "content-type": "^1.0.2",
     "request": "^2.53.0"
   },

and yet content-type doesn't appear to be used by the js-sdk.

I reckon matrix-org/matrix-js-sdk@5f6e4bd has something to do with this. Namely matrix-org/matrix-js-sdk@5f6e4bd#diff-35bdd14cceed0bc15886715116543778R691

Yep, looks like we deliberately do not send application/json content type so as to avoid spamming over any text/plain errors with a syntax error (matrix-org/matrix-js-sdk#479).

[t3chguy]

yup caused by that and fixed by matrix-org/matrix-js-sdk#643

Yep, looks like we deliberately do not send application/json content type so as to avoid spamming over any text/plain errors with a syntax error (matrix-org/matrix-js-sdk#479).

is not quite right, we don't ask the lib to infer and process the json for us to prevent that