fix: remove double execute() in HTTP interceptor chain causing media uploads to fail#384
Open
cryptomentor-de wants to merge 1 commit into
Open
Conversation
Session.intercept() called execute(request) to set the server URL, which sent every request to the server once without a Bearer token before AuthInterceptor could add it. This caused the server to receive two requests per call: one unauthenticated (returning 401/500) and one authenticated. For multipart media uploads the double-execute is especially harmful: the first unauthenticated execute either triggers an exception (due to expectSuccess = true) that prevents AuthInterceptor from running at all, or it consumes the request body so the second execute sends an empty payload. Either way the upload fails. Fix: inline the URL-host substitution from Session directly into the HttpSend interceptor block in AppComponent, then call only AuthInterceptor.intercept() which adds the Bearer token and performs a single execute(). The Session.intercept() member extension function is no longer needed and is removed along with its now-unused imports.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Media uploads (
POST /api/v2/media) fail intermittently — especially when uploading multiple files at once. Single uploads sometimes succeed, mass uploads almost always fail.Root Cause
The
HttpSendinterceptor inAppComponentcallsexecute(request)twice per request:Session.intercept()sets the server URL host and then callsexecute(request), which sends the actual network request without the Authorization header. The server receives an unauthenticated request and returns401/500. BecauseexpectSuccess = trueis configured on theHttpClient, ktor throws aServerResponseExceptionon the 500 response — soAuthInterceptor.intercept()on the next line is never reached.For multipart uploads in particular, even in cases where the exception doesn't propagate, the first
execute()call consumes the streaming request body. The secondexecute()inAuthInterceptorthen sends an empty body to the server, which rejects it.I was able to confirm this by adding request-level logging on the server side. Every failed upload arrived with
Authorization: (missing). The few that eventually succeeded arrived withAuthorization: Bearer <token>— sent byAuthInterceptorin the rare cases where the first execute did not throw.Fix
Inline the URL-host substitution from
Sessiondirectly into theHttpSendinterceptor block, without callingexecute(). Then delegate toAuthInterceptor.intercept()which adds the Bearer token and performs a singleexecute():Session.intercept()(the member extension onSender) is no longer needed and is removed along with its now-unused imports.Test plan