error 400

There is no length limit (intentionally) imposed by the plugin or by WordPress, as far as I know. And yet, I’ve experienced this same problem. So I’ve already tried to contact Tumbr’s tech support, who have to date been supremely unhelpful. Below is a copy and paste of my conversation with them. If you know someone at Tumblr who can take a closer look at this or in some other way get around the frustratingly slow tech support and to something more useful at Tumblr, I would be appreciative of your assistance.

On Fri, 14th Mar 2014 at 8:12 pm, Meitar wrote:

Hi,

I’ve developed an application that uses the Tumblr API. For about a month or so, it’s been working across thousands of installations with no apparent problem.

But, as of a couple days ago, I started noticing a lot of errors cropping up. Some were “401 Not Authorized” that were frustratingly intermittent. Today I tried using the Tumblr API to post a simple text post to a test blog, and I’ve found what appears to me to be really strange issue.

I can apparently trigger a 400 Bad Request response from the Tumblr API simply by trying to POST more than a certain amount of data. Again, I stress that with absolutely no change in the request parameters except their length, the shorter requests work and the longer requests trigger a 400 Bad Request.

I’m not even talking about a huge amount of data. Less than 6k triggers the error, in my testing. I don’t know exactly where the boundary is, but this seems awkward at best for an application that was working without a problem, less than a month earlier.

I don’t know what to make of this because I can find no mention of a length limitation or recent change in the Tumblr API docs. I’ve attached a debug log file that shows the full HTTP dialogue including OAuth authorization success followed shortly thereafter by an attempt to post a “Lorem ipsum” style blog post to a known-existing Tumblr post with the correct ID. The “SHORT EXAMPLE” (the first one, at the top of the log file) receives a 200 OK response and the “LONGEST EXAMPLE” (the last one, after several long breaks in the log file) receives a 400 Bad Request.

I’ve verified this issue occurring, with the same weird length issue, across three distinct installations of the software running two different variants of Linux and one on OS X. In all cases, the behavior is the same.

This leads me to believe there’s a bug or some other undocumented condition in the Tumblr API. Your prompt assistance would be appreciated.

Thank you for your time,
-Meitar
formerly the Tumblrize developer, currently the Tumblr Crosspostr developer

On Fri, 14th Mar 2014 at 9:37 pm, Alex wrote:

Hello,

Can you tell us the name of your app. Or the API key, if you know it?

Which email address are you using and what is your blog URL (e.g. http://staff.tumblr.com)?

Thanks,
Alex
—
Tumblr Support
support@tumblr.com

On Fri, 14th Mar 2014 at 10:19 pm, Meitar wrote:

Hi Alex,

For your convenience, here is the information you’ve asked for, below:

App name: Tumblr Crosspostr – DEVELOPMENT
API key: [REDACTED]
Email address: [REDACTED]
Blog URL: [REDACTED]

This info was also available in my original support request, I think. Thanks again for your help.

Cheers,
-Meitar

On Mar 21, 2014, at 2:37 PM, Tumblr Support wrote:

Hey,

Okay, so I’m not seeing anything going on with your app as far as it being suspended or anything.

Can you explain a bit more about what your app is doing and what calls it’s making to the API?

Thanks,
Alex
—
Tumblr Support
support@tumblr.com

On Mar 21, 2014, at 2:35 PM, Meitar wrote:

Thanks for checking up on the permissions of my app, Alex.

My app is doing something very simple. All I am doing is preparing an HTTP POST request and sending it to Tumblr’s /post/edit API endpoint for my blog. You can see this happening in the code, here:

https://plugins.trac.wordpress.org/browser/tumblr-crosspostr/tags/0.7.8.4/lib/TumblrCrosspostrAPIClient.php#L54

The $params in that function are the POST parameters I provided earlier, in the debug.log file that I sent to you in my initial query.

These parameters are what you’d expect to edit a post. They include:

* The Tumblr post ID.
* The Tumblr post content, such as the “description” or “body” of the post, etc., as described in version 2 of the Tumblr API docs.
* Any post-type-specific parameters, such as the URL to a photo, etc.

As mentioned in my initial support request, nearly identical requests either succeed (i.e., Tumblr API returns a 200 OK message with a Tumblr post ID) or fail (i.e., Tumblr API returns an HTML-formatted page that asserts a “Bad Request”) solely based on the length of the tumblr post content. Again, the full HTTP dialogue is available to you in the debug.log file I sent initially.

Thanks again for promptly looking into this issue. It’s extremely confounding and very frustrating.

Cheers,
-Meitar

Hmm. I was under the impression that the variables should be included in the Authorization header because they are hashed to create the oauth_signature. However, I’m not finding that exact behavior described in the OAuth spec.

I’m not an OAuth expert, so I’ve asked about this very thing in the support forum of the library that I’m using. The Authorization header is being constructed from the call to CallAPI that’s part of the library implementation of the oauth_client_class introduced in version 0.7.6 of Tumblr Crosspostr.

Would you be able and willing to test your ok’ed and fail’ed posts with version 0.7.5 or earlier to see if the issue persists in the same way?

Thanks for digging into this with me.

[Deleted duplicate post due to unexplained WordPress forum software glitch.]

http://www.phpclasses.org/discuss/package/7700/thread/159/ I am frustrated by having to convince Manuel Lemos that you’re correct, Peter. He does not yet seem to believe the problem is caused by long HTTP Authorization header values.

If he does not want to patch oauth_client_class for this, I may have to do it myself, but that will take me some additional time as I’m not especially familiar with his library code—and I can’t prioritize this project in a meaningful way right now because I am actually homeless and living out of my car<, and it’s difficult to find time to debug code when that is one’s environment.

Another solution would be to replace oauth_client_class with PEAR’s OAuth class but I don’t like that solution either for reasons I described in the code comments and plugin’s change log.

In the mean time, if you don’t need any of the Tumblr Crosspostr features implemented after version 0.7.5, downgrading to that version seems the best option for the near future if you are crossposting longer posts.

When I find myself in a more stable situation I will either patch the library or find some other solution and release an update. But I just can’t code comfortably while sleeping in the back of a Wal-Mart. 😛

I did, Peter. Thanks again for your detailed logs showing all this. 🙂 I’m hopeful he’ll have an update to the OAuth library soon.

wob, xxx.dev is not a URL Tumblr can reach. For now, your images must point to a publicly accessible resource to be upload-able to Tumblr through Tumblr Crosspostr.