400 when getting file content

[eric-millin]

I'm trying to get the contents of a drive item. When I use the SDK client to make the call, I get a 400. However, when I curl the same URL, it works. That makes me believe it might be an SDK issue rather than and API issue.

I am using v0.60.0 (I cannot upgrade because of #481).

Details

Here's roughly what happens:

1. Client calls https://graph.microsoft.com/v1.0/drives/<drive-id>/items/<item-id>/content.

   graphClient.DrivesById(driveId).ItemsById(itemId).Content().Get(ctx, nil)

2. API returns 302 to https://mytech.sharepoint.com/_layouts/15/download.aspx?UniqueId=ugly-gu-id&Translate=false&tempauth=some.jwt.token&ApiVersion=2.0
3. After client redirects, the API returns 400 with the message

   <h2>Our services aren't available right now</h2><p>We're working to restore all services as soon as possible. Please check back soon.</p>0123

However, If I curl the redirect URL, e.g.

curl "https://mytech.sharepoint.com/_layouts/15/download.aspx?UniqueId=ugly-gu-id&Translate=false&tempauth=some.jwt.token&ApiVersion=2.0" > my.docx

the API returns a valid file.

[eric-millin]

Confirmed that Go's default HTTP client also works successfully.

[eric-millin]

@rkodev @baywet Can someone take a look at this? Thanks

[maxklav]

We also are currently using the Go's default HTTP client for this specific call

[eric-millin]

@baywet @rkodev Any chance you can take a look at this? We're using an ugly hack (wait for the 400 and then use the URL to make another request with default client) to work around this. We're still in the prototype phase, so we can deal for the very short-term, but obviously won't work for production. Thanks.

[eric-millin]

@andrueastman Can you take a look at this or get the attention of someone who will?

[gil-laminar]

We saw this too. It happens because the download link in the 302 has a different host, and kiota-http's redirect handler copies the request verbatim, modifying only the URL - it keeps the original Host: header, which is now the wrong host (graph.microsoft.com). The redirected-to host (mytech.sharepoint.com in this example) sees a request with a bad Host: header and rejects it.

There's no way to comfortably monkey patch it either, so we had to create an http.Request and send it ourselves.

The fix should probably go here:
https://github.com/microsoft/kiota-http-go/blob/53e6b699af82a23d2cac857f9d4e699e9362cc46/redirect_handler.go#L158

The URL's host is checked in order to drop the Authorization header if it's different, but the Host: header is never updated.

[eric-millin]

@baywet @rkodev Can someone look at this, please?

[rkodev]

Hi @eric-millin this issue is currently in progress. , Please close [this ] related issue (microsoft/kiota-http-go#97 and keep the conversation here.