Curl - Mark bundle as not supporting multiuse < HTTP/1.1 403
Asked Answered
G

2

8

I'm trying to login in an API. I followed the tutorial, and, at a moment, I've to run this command :

export ID1=`curl -k --tlsv1.2 -b cookie.txt -c cookie.txt -v 'https://api-gateway.inpi.fr/auth/login' -H 'Accept: application/json, text/plain, */*' -H "X-XSRF-TOKEN: $TOKEN" -H 'Content-Type: application/json' -H 'Connection: keep-alive' -H "Cookie: XSRF-TOKEN= $TOKEN" --data '{"username":"[email address]","password":"[account password]","rememberMe":true}'`

But it returns :

  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying 81.252.220.43:443...
* Connected to api-gateway.inpi.fr (81.252.220.43) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [108 bytes data]
* TLSv1.2 (IN), TLS handshake, Certificate (11):
{ [5187 bytes data]
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
{ [589 bytes data]
* TLSv1.2 (IN), TLS handshake, Server finished (14):
{ [4 bytes data]
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
} [70 bytes data]
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.2 (OUT), TLS handshake, Finished (20):
} [16 bytes data]
* TLSv1.2 (IN), TLS handshake, Finished (20):
{ [16 bytes data]
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* ALPN, server accepted to use http/1.1
* Server certificate:
*  subject: C=FR; ST=�le-de-France; L=Courbevoie; O=Institut National de la Propri�t� Industrielle; CN=*.inpi.fr
*  start date: Mar 12 13:13:03 2021 GMT
*  expire date: Mar 12 13:23:00 2022 GMT
*  issuer: C=BM; O=QuoVadis Limited; CN=QuoVadis Global SSL ICA G3
*  SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway.
} [5 bytes data]
> POST /auth/login HTTP/1.1
> Host: api-gateway.inpi.fr
> User-Agent: curl/7.81.0
> Cookie: XSRF-TOKEN=[my XSRF-TOKEN]
> Accept: application/json, text/plain, */*
> Content-Type: application/json
> Connection: keep-alive
> Cookie: XSRF-TOKEN= 
> Content-Length: 85
> 
} [85 bytes data]
* Mark bundle as not supporting multiuse
< HTTP/1.1 403 
< Date: Fri, 18 Feb 2022 09:26:51 GMT
< Server: Apache
< x-csrf-token: Fetch
< Vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
< Cache-Control: no-store
< Pragma: no-cache
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
< Content-Security-Policy: default-src 'self'; frame-src 'self' data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://storage.googleapis.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; img-src 'self'; font-src 'self' data: https://fonts.gstatic.com
< Referrer-Policy: same-origin
< Feature-Policy: geolocation 'none'; midi 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; fullscreen 'self'; payment 'none'
< Content-Type: application/json
< Strict-Transport-Security: max-age=63072000; includeSubDomains
< Keep-Alive: timeout=5, max=100
< Connection: Keep-Alive
< Transfer-Encoding: chunked
< 
{ [148 bytes data]
100   227    0   142  100    85    838    501 --:--:-- --:--:-- --:--:--  1343
* Connection #0 to host api-gateway.inpi.fr left intact

I think the most interesting part is this:

} [85 bytes data]
* Mark bundle as not supporting multiuse
< HTTP/1.1 403 
< Date: Fri, 18 Feb 2022 09:26:51 GMT
< Server: Apache

When I run curl --version, I've :

curl 7.81.0 (x86_64-pc-linux-gnu) libcurl/7.81.0 OpenSSL/1.1.1m zlib/1.2.11 brotli/1.0.9 zstd/1.5.1 libidn2/2.3.2 libssh2/1.10.0 nghttp2/1.46.0 librtmp/2.3 OpenLDAP/2.6.0
Release-Date: 2022-01-05
Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps mqtt pop3 pop3s rtmp rtsp scp sftp smb smbs smtp smtps telnet tftp 
Features: alt-svc AsynchDNS brotli GSS-API HSTS HTTP2 HTTPS-proxy IDN IPv6 Kerberos Largefile libz NTLM NTLM_WB SPNEGO SSL TLS-SRP UnixSockets zstd

I tried a solution found on this forum : curl failing to download with authorization So, add --http0.9 flag, but no difference

Gilded answered 18/2, 2022 at 9:34 Comment(0)
F
15

This is not an error message, but a debug trace message of no consequence.

It means curl is aware the connection is not http/2. That is all; it offers no information above and beyond the status message which it also prints in --verbose mode (eg. "HTTP/1.1 200 OK")

Some History

  • this message was introduced with commit c32248f
  • it first appeared in curl 7.65.0
  • the message is enabled when curl is configured with "--enable-verbose", which is the default build option
  • It is shown when curl runs with --verbose or -v, or when the libcurl easy handle is configured with CURLOPT_VERBOSE = 1
  • The commit above indicates its purpose is to fix the following bugs:
    • #3813 - "curl hangs at 100% cpu usage on http/1.1 concurrent request with pipewait=1"
    • #3814 - "improved no-multiplexing situation"

Although the commit did solve a previously existing bug, the message "Mark bundle as not supporting multiuse" can only be considered a development scar.

Update: This superfluous message was removed in 7.88.0 with commit 73477d5

Forked answered 26/12, 2022 at 4:51 Comment(0)
H
2

you can try change curl request http version. I added --http1.1 I resolved my problem this way.

curl --http1.1 -X PUT....

Handtomouth answered 16/9, 2022 at 10:45 Comment(2)
HTTP 1.1 is clearly already being used.Massif
I tried using curl --http1.1 as well as curl --http2 still I get * Mark bundle as not supporting multiuse ...not sure is this error or just waring but I am not able to get expected outputBonspiel

© 2022 - 2024 — McMap. All rights reserved.