Hi,
I just looked after the request generated by a WWW instance with a WWWForm in it using Wireshark. It seems like the HTTP header embeds one more serie than necessary.
Those appear as a “preamble” in the multipart form data which is blocked by the Apache mod_security module as being “Data before first boundary”.
Has anyone circumvent this?
For the records, I managed to find a way around another mod_security filtering issue. In the header Content-Type line, the boundary value should not be surrounded by quotes. That single-liner solved it:
headers[“Content-Type”]=headers[“Content-Type”].Replace(“"”,“”);
Thanks,
SD
Up anyone? Still blocked by this stuff.
Hi,
I had the same problem as you with the mod_security wich gives me Error 400 bad request. So I’ve started by adding your line and it solved the BQ issue !
Then I’ve try to read the form.data to understand what was the DB issue. so I’ve made a for loop and I’ve Encode form.data.
I’ve discover that there is some data before the first boundary : a blank line.
So I’ve decided to manually erase some bytes in the form.data. Now it’s working great !
WWWForm formImg = new WWWForm();
formImg.AddField("nomImage", _nameImg);
var bytes = _imgToSend.EncodeToPNG();
formImg.AddBinaryData("icone", bytes, _nameImg + ".png", "image/png");
var headersImg = formImg.headers;
byte[] rawDataImg = formImg.data;
string url = "http://www.mysiteweb/myphpscript.php";
headersImg["Authorization"] = "Basic " + System.Convert.ToBase64String(System.Text.Encoding.ASCII.GetBytes("user:password"));
//Replace quotes by nothing
headersImg["Content-Type"] = headersImg["Content-Type"].Replace("\"","");
//Erase the 2 first bytes of formImg.data
rawDataImg = rawDataImg.Skip(2).ToArray();
WWW wwwImg = new WWW(url, rawDataImg, headersImg);
Is this happening with the current version of unity?
Yep, I know that Content-Length is missing in Unity 2017 but fixed in Unity 2018 b. But the boundary still quoted and there is a little space before the first boundary which makes mod.Security crazy even in Unity 2018 b…
Adding this two lines :
headersImg["Content-Type"] = headersImg["Content-Type"].Replace("\"","");
rawDataImg = rawDataImg.Skip(2).ToArray();
Solve the security issue.
The thing is that mod.Security is not on every server and I discover this problem after switching my host server. There is no thread on Internet on how to solved that, except “disconnect” mod.security.
Oh ! and UnityWebRequest always crash on my computer when adding SendWebRequest() ! I will send a report if it’s not fixed in 2018b ! Fortunately we still have class WWW.
Which is a wrapper on top of UnityWebRequest!