Skip to main content

This content has been archived and is no longer being updated. Links may not function; however, this content may be relevant to outdated versions of the product.

Support Article

Report export POST request has Content-Length: 0



When using integrated report viewer there is export functionality (for example Export to Excel). This functionality, when clicked on export button generates POST request with Content-Length: 0 which is blocked by Application firewall that is between external gateway (F5) and internal load balancer and reported as security issue.

Is there some simple way to fix this?

Steps to Reproduce

Show any report in default generic report viewer, use Export to Excel functionality.

Root Cause

The root cause of this problem is in a third-party product integrated with PRPC. When we try "export to excel" a report definition, Fiddler throws a HTTP 500 error saying the request was rejected by the server. Possibly blocked by firewall. 

Following is an analysis as to what happens when we click the "export to excel" button: 

1. The export to excel button has the following code in the html:
<BUTTON onclick='"pyReportContentPage",this, event);' onmouseover="this.className='report_excel_on'" onmouseout="this.className='report_excel'" title="Export To Excel" class=report_excel name=Excel></BUTTON>

2. The exportToExcel function present in the pzpega_report_definition.js javascript file is executed. The function (as shown below) basically creates an html form to submit a http POST request to the server to run the pzRDExportWrapper Activity which is responsible for fetching the report content from the clipboard and exporting the same in an excel format.
var B=document.createElement("form");"formExportViewToExcel";
var C=document.forms.formExportViewToExcel;
var E=new SafeURL("Rule-Obj-Report-Definition.pzRDExportWrapper");

Thus, we are basically sending a POST request to export the report into an excel. The reason for the content-length to be 0 is mostly to do with how IE handles POSTS requests from a form submit behavior. A lot of information can be found online. An excerpt is as follows:

Internet Explorer does not send form fields if they are posted from an authenticated site (NTLM) to a non-authenticated site (anonymous).

This is feature for challange-response situations (NTLM- or Kerberos- secured web sites) where IE can expect that the first POST request immediately leads to an HTTP 401 Authentication Required response (which includes a challenge), and only the second POST request (which includes the response to the challange) will actually be accepted. In these situations IE does not upload the possibly large request body with the first request for performance reasons.

This behavior occurs every time an HTTP POST is made from a NTLM authenticated (i.e. Intranet) page to a non-authenticated (i.e. Internet) page, or if the non-authenticated page is part of a frameset, where the frameset page is authenticated.

The work-around is either to use a GET request as the form method, or to make sure the non-authenticated page is opened in a fresh tab/window (favorite/link target) without a partly authenticated frameset. As soon as the authentication model for the whole window is consistent, IE will start to send form contents again.

This could be a server side issue. The response header showed the below which could possibly give us a clue:
<html><head><title>Request Rejected</title></head><body>The requested URL was rejected. Please consult with your administrator.<br><br>Your support ID is: 1699017834564447468</body></html>


The explanation for this behavior is as follows: 
The issue was not reproducible and seemed to be a 3rd party issue. The fiddler trace showed the below:
<html><head><title>Request Rejected</title></head><body>The requested URL was rejected. Please consult with your administrator.<br><br>Your support ID is: 1699017834564447468</body></html>

which suggested that it could be a proxy / server issue and that it would be best if the IT / Administration team look into this.

Published January 31, 2016 - Updated October 8, 2020

Was this useful?

0% found this useful

Have a question? Get answers now.

Visit the Collaboration Center to ask questions, engage in discussions, share ideas, and help others.

Did you find this content helpful?

Want to help us improve this content?

We'd prefer it if you saw us at our best.

Pega Community has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice
Contact us