Bug #16142
closed
XMLRPC requests fail due to incorrect request path
100%
Description
Version: 25.07.a.20250416.0600
This has been happening for a few updates already.
Updated by Jim Pingle about 1 month ago
- Status changed from New to Confirmed
Has this been tested on 25.03 and confirmed to be OK there?
I am seeing this on 25.07 as well but I'm not seeing anything in the auth files or other includes that changed recently. Still digging, though.
Somehow the primary actually ends up sending the XMLRPC request to / on the secondary and not /xmlrpc.php:
Primary: Apr 17 15:51:20 ha-primary php-fpm[602]: /rc.filter_synchronize: Beginning XMLRPC sync data to https://172.16.1.3:443/xmlrpc.php. Apr 17 15:51:20 ha-primary php-fpm[602]: /rc.filter_synchronize: Exception calling XMLRPC method host_firmware_version # Received non-200 HTTP Code: 403. Response body: <bunch of stuff> Secondary: Apr 17 15:51:20 ha-secondary nginx: 172.16.1.2 - - [17/Apr/2025:15:51:20 +0000] "POST / HTTP/1.1" 403 4401 "-" "PEAR::XML_RPC2/@package_version@"
Updated by Jim Pingle about 1 month ago
stevew tested it on 25.03 and it's working and also sending the POST request to the proper URL.
I don't see anywhere in the code where the URL could be getting changed/lost, the xmlrpc.php part is hardcoded even. The nginx logs on the secondary do not show any other requests at that time, just POST requests to / and no others, so it couldn't be a redirect in PHP. The nginx config is identical between 25.03 and 25.07 so doesn't seem to be redirected that way either. Initiating a cURL request at the CLI for /xmlrpc.php on the secondary goes to the right place as well. It almost seems like it has to be something in the PHP XML_RPC2 library but the version is the same on 25.03 and 25.07.
Updated by Jim Pingle about 1 month ago
- Target version changed from 2.8.0 to 2.9.0
2.8.0 is OK. Seems to only affect 25.07.
Reinstalling php83-pear-XML_RPC2-1.1.5.pkg and restarting PHP didn't have any effect.
The URL is correct in xmlrpc_client.inc where it creates the connection but still somehow it's losing the path when making the actual request.
Updated by Jim Pingle about 1 month ago
- Subject changed from XMLRPC sync broken on latest 25.07 development builds - CSRF issue. to XMLRPC requests fail due to incorrect request path
Updated by dylan mendez 19 days ago
Still an issue on the latest builds. Any update?
Updated by Reid Linnemann 13 days ago
- Assignee set to Reid Linnemann
This looks to be related to a fix in Net_URL2 v2.2.3 for libpcre2 10.45 that is missing from Net_URL2 v2.2.2. Working on the solution in the build.
Updated by Reid Linnemann 13 days ago
A ports merge is underway that will resolve this shortly, no other action needs to be taken. In the interim if you need XMLRPC2 to work in devel I can supply you with a patch for the Net_URL2 source that needs to be fixed.
Updated by Reid Linnemann 13 days ago
- Status changed from Confirmed to Waiting on Merge
Updated by
Updated by Jim Pingle 6 days ago
Adding another data point, it's working for me now also. The HA pair I was able to replicate this on before now synchronizes successfully on 25.07 snapshots.