[GH-ISSUE #242] IPv6 endpoint with err 403 #174

New issue

Closed

opened 2026-02-27 19:26:26 +03:00 by kerem · 3 comments

kerem commented 2026-02-27 19:26:26 +03:00

Owner

Copy link

Originally created by @onlsol on GitHub (Dec 16, 2021).
Original GitHub issue: https://github.com/jwilsson/spotify-web-api-php/issues/242

Although the endpoints for accounts/api.spotify.com claim to support IPv6 and resolve the DNS with both options, it looks like only the endpoint via IPv4 allows auth and api usage.

# e.g. on a new Ubuntu hosts that prefers IPv6
curl -s -o /dev/null -w "%{http_code}"  'https://accounts.spotify.com/authorize'
403 # rejected

# for reproducing on hosts that prefer IPv4, enforcing to resolve the domain to the IPv6 address
curl -s -o /dev/null -w "%{http_code}"  'https://accounts.spotify.com/authorize' --resolve 'accounts.spotify.com:443:2600:1901:1:c36::'
403 # rejected

# ensuring IPv4 usage 
curl -s -o /dev/null -w "%{http_code}"  'https://accounts.spotify.com/authorize' --resolve 'accounts.spotify.com:443:35.186.224.25'
303 # OK, allows auth

Is the issue known and does the PHP library have an option to enforce sticking to the IPv4? As workaround, I'd suggest

if (defined('CURLOPT_IPRESOLVE') && defined('CURL_IPRESOLVE_V4')) {
   curl_setopt($ch, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4);
}

Originally created by @onlsol on GitHub (Dec 16, 2021). Original GitHub issue: https://github.com/jwilsson/spotify-web-api-php/issues/242 Although the endpoints for accounts/api.spotify.com claim to support IPv6 and resolve the DNS with both options, it looks like only the endpoint via IPv4 allows auth and api usage. ``` # e.g. on a new Ubuntu hosts that prefers IPv6 curl -s -o /dev/null -w "%{http_code}" 'https://accounts.spotify.com/authorize' 403 # rejected # for reproducing on hosts that prefer IPv4, enforcing to resolve the domain to the IPv6 address curl -s -o /dev/null -w "%{http_code}" 'https://accounts.spotify.com/authorize' --resolve 'accounts.spotify.com:443:2600:1901:1:c36::' 403 # rejected # ensuring IPv4 usage curl -s -o /dev/null -w "%{http_code}" 'https://accounts.spotify.com/authorize' --resolve 'accounts.spotify.com:443:35.186.224.25' 303 # OK, allows auth ``` Is the issue known and does the PHP library have an option to enforce sticking to the IPv4? As workaround, I'd suggest ``` if (defined('CURLOPT_IPRESOLVE') && defined('CURL_IPRESOLVE_V4')) { curl_setopt($ch, CURLOPT_IPRESOLVE, CURL_IPRESOLVE_V4); } ```

kerem closed this issue 2026-02-27 19:26:26 +03:00

kerem commented 2026-02-27 19:26:27 +03:00

Author

Owner

Copy link

@sjerdo commented on GitHub (Dec 16, 2021):

Is this an issue on Ubuntu systems only?
I don't experience any problems with the Spotify API using IPv6 on MacOS.

~ % dig +short A accounts.spotify.com
edge-web-split-geo.dual-gslb.spotify.com.
35.186.224.25
~ % dig +short AAAA accounts.spotify.com
edge-web-split-geo.dual-gslb.spotify.com.
2600:1901:1:c36::
~ % curl -4 -s -o /dev/null -w "%{http_code}" 'https://accounts.spotify.com/authorize'
303%
~ % curl -6 -s -o /dev/null -w "%{http_code}" 'https://accounts.spotify.com/authorize'
303%   

<!-- gh-comment-id:995817319 --> @sjerdo commented on GitHub (Dec 16, 2021): Is this an issue on Ubuntu systems only? I don't experience any problems with the Spotify API using IPv6 on MacOS. ``` ~ % dig +short A accounts.spotify.com edge-web-split-geo.dual-gslb.spotify.com. 35.186.224.25 ~ % dig +short AAAA accounts.spotify.com edge-web-split-geo.dual-gslb.spotify.com. 2600:1901:1:c36:: ~ % curl -4 -s -o /dev/null -w "%{http_code}" 'https://accounts.spotify.com/authorize' 303% ~ % curl -6 -s -o /dev/null -w "%{http_code}" 'https://accounts.spotify.com/authorize' 303% ```

kerem commented 2026-02-27 19:26:27 +03:00

Author

Owner

Copy link

@jwilsson commented on GitHub (Dec 16, 2021):

Hey!
I'm afraid I cannot reproduce this on neither one of Ubuntu nor macOS. There is however support for setting custom cURL options if you want to.

For example:

$request = new SpotifyWebAPI\Request(
    'curl_options' => [
        CURLOPT_IPRESOLVE => CURL_IPRESOLVE_V4,
    ],
]);

// Then, pass the $request when instantiating Session and SpotifyWebAPI
$session = new SpotifyWebAPI\Session(
    'CLIENT_ID',
    'CLIENT_SECRET',
    'REDIRECT_URI',
    $request
);

$api = new SpotifyWebAPI\SpotifyWebAPI([], null, $request);

<!-- gh-comment-id:996123046 --> @jwilsson commented on GitHub (Dec 16, 2021): Hey! I'm afraid I cannot reproduce this on neither one of Ubuntu nor macOS. There is however [support for setting custom cURL options](https://github.com/jwilsson/spotify-web-api-php/blob/0e78bc2c33ca92d7f5fa772861196f54e0093eef/docs/examples/setting-custom-curl-options.md) if you want to. For example: ```php $request = new SpotifyWebAPI\Request( 'curl_options' => [ CURLOPT_IPRESOLVE => CURL_IPRESOLVE_V4, ], ]); // Then, pass the $request when instantiating Session and SpotifyWebAPI $session = new SpotifyWebAPI\Session( 'CLIENT_ID', 'CLIENT_SECRET', 'REDIRECT_URI', $request ); $api = new SpotifyWebAPI\SpotifyWebAPI([], null, $request); ```

kerem commented 2026-02-27 19:26:27 +03:00

Author

Owner

Copy link

@onlsol commented on GitHub (Jan 20, 2022):

@jwilsson resolved by your proposal CURLOPT_IPRESOLVE => CURL_IPRESOLVE_V4 which sticks to resolving ipv4 only - even if ipv6 is preferred by the environment though broken or missing DNS records (AAAA) for the sub domains.

thanks!

<!-- gh-comment-id:1017855740 --> @onlsol commented on GitHub (Jan 20, 2022): @jwilsson resolved by your proposal CURLOPT_IPRESOLVE => CURL_IPRESOLVE_V4 which sticks to resolving ipv4 only - even if ipv6 is preferred by the environment though broken or missing DNS records (AAAA) for the sub domains. thanks!

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

main

7.1.0

7.0.0

6.3.1

6.3.0

6.2.0

6.1.1

6.1.0

6.0.4

6.0.3

6.0.2

6.0.1

5.7.1

6.0.0

5.7.0

5.6.0

5.5.0

5.4.0

5.3.0

5.2.0

5.1.0

5.0.3

5.0.2

5.0.1

5.0.0

4.3.0

4.2.2

4.2.1

4.2.0

4.1.1

4.1.0

4.0.0

3.6.2

3.6.1

3.6.0

3.5.1

3.5.0

3.4.0

3.3.0

3.2.0

3.1.0

3.0.0

2.12.0

2.11.1

2.11.0

2.10.1

2.10.0

2.9.0

2.8.0

2.7.0

2.6.1

2.6.0

2.5.1

2.5.0

2.4.0

2.3.0

2.2.1

2.2.0

2.1.1

2.1.0

2.0.1

2.0.0

1.12.0

1.11.1

1.11.0

1.10.1

1.10.0

1.9.0

1.8.0

1.7.0

1.6.1

1.6.0

1.5.0

1.4.2

1.4.1

1.4.0

1.3.4

1.3.3

1.3.2

1.3.1

1.3.0

1.2.0

1.1.0

1.0.0

0.10.0

0.9.0

0.8.2

0.8.1

0.8.0

0.7.0

0.6.0

0.5.0

0.4.0

0.3.0

0.2.0

0.1.0

Labels

Clear labels   

bug

  

docs

  

enhancement

  

enhancement

  

enhancement

  

feedback wanted

  

good first issue

  

help wanted

  

help wanted

  

help wanted

  

invalid

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

question

  

upstream

  

upstream

No labels

bug

docs

enhancement

enhancement

enhancement

feedback wanted

good first issue

help wanted

help wanted

help wanted

invalid

pull-request

question

question

upstream

upstream

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/spotify-web-api-php#174

No description provided.