Bug 247970

The request sen has a header that is Content-Length: 0. Looking here: https://www.rfc-editor.org/rfc/rfc7230 A user agent SHOULD NOT send a Content-Length header field when the request message does not contain a payload body and the method semantics do not anticipate such a body. Copying the request over into Postman and removing the Content-Length: 0 makes the request return a 200.

Heh, this might be one of those bug reports that explains a *lot* of broken websites... nice. I've been wondering why so many XHRs get blocked since 2015 or thereabouts.

(In reply to Michael Catanzaro from comment #2) > Heh, this might be one of those bug reports that explains a *lot* of broken > websites... nice. I've been wondering why so many XHRs get blocked since > 2015 or thereabouts. Good news: this is already fixed. The bug only occurs when using webkit2gtk-4.0 (builds made with -DUSE_SOUP2=ON), which uses libsoup 2. If you switch to webkit2gtk-4.1 (builds made with default build options), which uses libsoup 3, then the bug is gone. I'm not sure whether this was a bug in libsoup itself, or a bug in WebKit that's fixed in the libsoup 3 codepaths, but I don't think it's worth investigating: applications should migrate to -4.1 as soon as possible, and only use -4.0 if you have other dependencies on libsoup 2 that you haven't been able to remove yet. BTW I submitted about a dozen suspicious failed login attempts... hopefully Volvo does not decide to lock your account due to that. :P