
file_get_contents('php://input') Returns empty for one user, but works fine for others

Having a very strange issue with my web server. My server shows an empty string for file_get_contents('php://input'), but for only one user. It works fine for me and a few others, but one specific user cannot use anything on the site that uses POST requests because the server is just receiving no POST information from his browsers, on his PC. However, it also works fine on his phone. It's even more difficult to test because I cannot replicate it myself; it is working fine for me. I've had him try multiple different browsers and incognito in case it was some weird setting in Chrome that was breaking it for him, but nothing seems to be working. I've checked the headers in his Chrome tools and it seems like all of the information is there, but the server still sees nothing. The code I'm using is pretty straightforward, just using fetch to send a POST request:

let fetchCheckoutID = fetch("stripe/createcustomcheckout.php", {
  credentials: 'include',
  method: "POST",
  headers: { 'Content-Type': 'application/json' },
  body: JSON.stringify({
    currency: customCheckoutCurrency.value.toLowerCase(),
    price: customCheckoutValue.value,
    name: customCheckoutName.value
  })
}).then(function (response) {
  return response.json();
}).then(function (session) {
  // Return the promise so the next handler receives the redirect result
  return stripe.redirectToCheckout({ sessionId: session.id });
}).then(function (result) {
  // result is only delivered when the redirect itself fails
  if (result.error) {
    alert(result.error.message);
  }
}).catch(function (error) {
  console.error("Stripe Setup: ", error);
});

And then on the server side

$json = file_get_contents('php://input');
$data = json_decode($json);

This is just the code that I discovered the issue with; none of the POST requests on the entire website are working for him specifically, but they are fine for everyone else. I've spent like the last 4 hours with him trying to figure this out, since it has been working fine for him for months and now suddenly he basically cannot use the site since so much of it relies on POST requests to the server. And if this is an issue that he can get then surely other users could have the same issue... I'm not sure where else to go, I cannot find any other posts that are having the same issue. I just find a ton of people who can't find information in $_POST and people recommend they use file_get_input() just like I was already using. I've tried a lot of fixes people recommended anyway, even though the issues weren't the exact same, but nothing has worked so far.

Here is some information from inside his browser, with some information censored.

His request headers:

Request URL: ///stripe/createcustomcheckout.php
Request Method: POST
Status Code: 200 
Remote Address: ///
Referrer Policy: strict-origin-when-cross-origin
content-encoding: br
content-type: text/html; charset=UTF-8
date: Tue, 20 Jul 2021 22:17:42 GMT
host-header: 8441280b0c35cbc114
server: nginx
vary: Accept-Encoding
x-httpd: 1
x-proxy-cache-info: DT:1
:authority: ///
:method: POST
:path: /stripe/createcustomcheckout.php
:scheme: https
accept: /
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
content-length: 49
content-type: application/json
cookie: stripe_mid=499cb16f-aea1-4724-b6f7-ef968c5733696ba34; stripe_sid=f2bbde34-9dab-4f3f-9dfc-bb2904e813a1716c2
origin: ///.com/
referer: ///createstripe
sec-ch-ua: " Not;A Brand";v="99", "Google Chrome";v="91", "Chromium";v="91"
sec-ch-ua-mobile: ?0
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: same-origin
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36
{currency: "usd", price: "21", name: "ertrgdfg"}
currency: "usd"
name: "ertrgdfg"
price: "21"

And this is the server response, I have it var_dumping the entirety of $_SERVER, and the empty string at the bottom is a var_dump of the $json variable from earlier (the empty php://input).

["PATH"]=>
string(28) "/usr/local/bin:/usr/bin:/bin"
["DOCUMENT_ROOT"]=>
string(52) "///.com/public_html"
["HTTPS"]=>
string(2) "on"
["UNIQUE_ID"]=>
string(27) "YPdK0LJppGoU///AAAAw"
["SCRIPT_URL"]=>
string(36) "/stripe/createcustomcheckout.php"
["SCRIPT_URI"]=>
string(57) "///stripe/createcustomcheckout.php"
["PHPHANDLER"]=>
string(24) "/usr/local/php74/bin/php"
["HTTP_X_PORT"]=>
string(4) "1033"
["HTTP_X_REAL_IP"]=>
string(14) "///"
["HTTP_X_FORWARDED_PROTO"]=>
string(5) "https"
["HTTP_HOST"]=>
string(13) "///.com"
["HTTP_X_ACCEPT_ENCODING"]=>
string(17) "gzip, deflate, br"
["HTTP_CONNECTION"]=>
string(5) "close"
["HTTP_SEC_CH_UA"]=>
string(64) "" Not;A Brand";v="99", "Google Chrome";v="91", "Chromium";v="91""
["HTTP_SEC_CH_UA_MOBILE"]=>
string(2) "?0"
["HTTP_USER_AGENT"]=>
string(115) "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.164 Safari/537.36"
["CONTENT_TYPE"]=>
string(16) "application/json"
["HTTP_ACCEPT"]=>
string(3) "*/*"
["HTTP_ORIGIN"]=>
string(21) "///.com"
["HTTP_SEC_FETCH_SITE"]=>
string(11) "same-origin"
["HTTP_SEC_FETCH_MODE"]=>
string(4) "cors"
["HTTP_SEC_FETCH_DEST"]=>
string(5) "empty"
["HTTP_REFERER"]=>
string(38) "///createstripe"
["HTTP_ACCEPT_LANGUAGE"]=>
string(14) "en-US,en;q=0.9"
["HTTP_COOKIE"]=>
string(112) "__stripe_mid=499cb16f-aea1-4724-b6f7-ef933696ba34; __stripe_sid=f2bbde34-9dab-4f3f-9dfc-bb23a1716c2"
["SERVER_SOFTWARE"]=>
string(6) "Apache"
["SERVER_NAME"]=>
string(13) "///.com"
["SERVER_ADDR"]=>
string(14) "///"
["SERVER_PORT"]=>
string(3) "443"
["REMOTE_ADDR"]=>
string(14) "///"
["SERVER_ADMIN"]=>
string(9) "webmaster"
["SCRIPT_FILENAME"]=>
string(88) "///stripe/createcustomcheckout.php"
["REMOTE_PORT"]=>
string(5) "37988"
["GATEWAY_INTERFACE"]=>
string(7) "CGI/1.1"
["SERVER_PROTOCOL"]=>
string(8) "HTTP/1.0"
["REQUEST_METHOD"]=>
string(4) "POST"
["QUERY_STRING"]=>
string(0) ""
["REQUEST_URI"]=>
string(36) "/stripe/createcustomcheckout.php"
["SCRIPT_NAME"]=>
string(36) "/stripe/createcustomcheckout.php"
["PHP_DEFAULT_SOCKET_TIMEOUT"]=>
string(2) "40"
["PHP_MAX_EXECUTION_TIME"]=>
string(3) "120"
["PHP_MAX_INPUT_TIME"]=>
string(3) "120"
["PHP_MEMORY_LIMIT"]=>
string(4) "768M"
["PHP_POST_MAX_SIZE"]=>
string(4) "256M"
["PHP_UPLOAD_MAX_FILESIZE"]=>
string(4) "256M"
["PHP_SELF"]=>
string(36) "/stripe/createcustomcheckout.php"
["REQUEST_TIME_FLOAT"]=>
float(1626819280.5109)
["REQUEST_TIME"]=>
int(1626819280) 
}
string(0) ""

What I noticed is that the $_SERVER response from his request is lacking a ["CONTENT-LENGTH"] variable, which MY response has. However, his request headers in his browser DO have a content-length, and the content is right there, but the server still sees nothing. I'm really stuck here and can't figure out why the server is not receiving his POST content. This isn't a random user; this is the owner of the site (I'm just the developer), and it's very important that he is able to use it. Any help would be very much appreciated.

Logan Crosby asked Jul 20 '21 05:07


1 Answer

Alright, so I figured out the issue, in case anyone runs into this issue in the future. I went to spend more time trying to bugfix this issue today and the user was getting a new error, this time an entire error page response from my hosting service, outside of my control. This error said:

"The page you are trying to access is restricted due to a security rule. If you believe that this security rule is affecting the normal operation of your website, contact your hosting provider with detailed instructions how to recreate this error."

I use SiteGround to host my website, so I contacted them to attempt to resolve this issue. Long story short, they have a specific security rule on their backend that has issues with Bitdefender, and it was now blocking him. The support agent had to unblock his IP and he uninstalled Bitdefender, and now everything is working fine. Bitdefender was blocking his POST requests for some reason. I don't really understand why, and the support agent that I talked to couldn't tell me why, but just try to uninstall/disable your Bitdefender, and if you're getting blocked with a security rule, contact your hosting provider and see if they've blocked the IP.

Logan Crosby answered Oct 29 '22 16:10
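A server-side check for the condition described in the question, as an added example that is not part of the original post or the poster's code: it treats a JSON POST whose body arrives empty as a distinct, logged failure instead of passing an empty string to json_decode, which gives the hosting provider something concrete to trace. The function name classify_json_body, the reason strings and the sample address 203.0.113.10 are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Classify a request body before decoding it.
 * $server is $_SERVER, $raw is file_get_contents('php://input').
 */
function classify_json_body(array $server, string $raw): array
{
    $method   = $server['REQUEST_METHOD'] ?? '';
    $type     = $server['CONTENT_TYPE'] ?? '';
    $declared = $server['CONTENT_LENGTH'] ?? null; // absent in the failing dump

    if ($method !== 'POST' || stripos($type, 'application/json') !== 0) {
        return ['status' => 415, 'reason' => 'not_json_post', 'data' => null];
    }
    if ($raw === '') {
        // Method and content type survived but the body did not: the pattern
        // in the question, where something between browser and PHP dropped it.
        $reason = $declared === null ? 'body_and_length_missing' : 'body_missing';
        return ['status' => 400, 'reason' => $reason, 'data' => null];
    }
    if ($declared !== null && (int) $declared !== strlen($raw)) {
        return ['status' => 400, 'reason' => 'length_mismatch', 'data' => null];
    }
    $data = json_decode($raw, true);
    if (!is_array($data)) {
        return ['status' => 400, 'reason' => 'invalid_json', 'data' => null];
    }
    return ['status' => 200, 'reason' => 'ok', 'data' => $data];
}

// Constructed sample inputs modelled on the two dumps in the question.
$failing = ['REQUEST_METHOD' => 'POST', 'CONTENT_TYPE' => 'application/json',
            'SERVER_PROTOCOL' => 'HTTP/1.0', 'HTTP_X_REAL_IP' => '203.0.113.10'];
$working = $failing + ['CONTENT_LENGTH' => '49'];
$body    = '{"currency":"usd","price":"21","name":"ertrgdfg"}';

foreach ([[$failing, ''], [$working, $body]] as [$server, $raw]) {
    $r = classify_json_body($server, $raw);
    if ($r['status'] !== 200) {
        // Log request metadata for the hosting provider; never log the body.
        error_log(sprintf('rejected POST body: reason=%s ip=%s proto=%s',
            $r['reason'], $server['HTTP_X_REAL_IP'] ?? '-',
            $server['SERVER_PROTOCOL'] ?? '-'));
    }
    echo $r['status'], ' ', $r['reason'], PHP_EOL;
}
```

In the endpoint itself, send the returned status with http_response_code() and a small JSON error body, so the fetch() caller fails visibly instead of receiving a 200 with no session id.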