8000 bug #47415 [HttpClient] Psr18Client ignore invalid HTTP headers (nury… · symfony/symfony@b96f1c4 · GitHub
[go: up one dir, main page]
Skip to content

Commit b96f1c4

Browse files
nicolas-grekasnicolas-grekas
committed
bug #47415 [HttpClient] Psr18Client ignore invalid HTTP headers (nuryagdym)
This PR was merged into the 4.4 branch. Discussion ---------- [HttpClient] Psr18Client ignore invalid HTTP headers | Q | A | ------------- | --- | Branch? | 4.4 | Bug fix? | yes | New feature? | no | Deprecations? | no | Tickets | | License | MIT | Doc PR | symfony/symfony-docs Hi, I working on a library that I am working on supports PSR-18 and PSR-7 implementations. I tried following PSR-7 libraries: nyholm/psr7 laminas/laminas-diactoros slim/psr7 and following PSR-18 clients: php-http/curl-client symfony/http-client guzzlehttp/guzzle and when I tried combination of all these PSR-7 and PSR-18 libraries. I faced issue only on `symfony/http-client` _Psr18Client_ client. Error is caused when I received response with header name containing leading space " x-xss-protection". This library does not trim response header names that is why all 3 PSR-7 libraries throwing error "**Header values must be RFC 7230 compatible strings**" when used in combination with `symfony/http-client`. The other 2 PSR-18 clients trim header names: [guzzlehttp/guzzle: GuzzleHttp\Handler\CurlFactory::createHeaderFn()](https://github.com/guzzle/guzzle/blob/b50a2a1251152e43f6a37f0fa053e730a67d25ba/src/Handler/CurlFactory.php#L567) [php-http/curl-client: Http\Client\Curl\Client::prepareRequestOptions()](https://github.com/php-http/curl-client/blob/2ed4245a817d859dd0c1d51c7078cdb343cf5233/src/Client.php#L226) So, I added trim line on _Psr18Client_, hope it does not break anything, it is working for me at least. I guess this fix should be done on all maintained versions of this library as well. PS I also, tried to trim using `Symfony\Component\HttpClient\HttpClientTrait::normalizeHeaders()` but it does not do anything about this leading space in the header name. Commits ------- f6f8748 Psr18Client ignore invalid HTTP headers
2 parents 1d75f4e + f6f8748 commit b96f1c4

File tree

2 files changed

+25
-1
lines changed

2 files changed

+25
-1
lines changed

src/Symfony/Component/HttpClient/Psr18Client.php

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -100,7 +100,11 @@ public function sendRequest(RequestInterface $request): ResponseInterface
100100

101101
foreach ($response->getHeaders(false) as $name => $values) {
102102
foreach ($values as $value) {
103-
$psrResponse = $psrResponse->withAddedHeader($name, $value);
103+
try {
104+
$psrResponse = $psrResponse->withAddedHeader($name, $value);
105+
} catch (\InvalidArgumentException $e) {
106+
// ignore invalid header
107+
}
104108
}
105109
}
106110

src/Symfony/Component/HttpClient/Tests/Psr18ClientTest.php

Lines changed: 20 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -13,10 +13,12 @@
1313

1414
use Nyholm\Psr7\Factory\Psr17Factory;
1515
use PHPUnit\Framework\TestCase;
16+
use Symfony\Component\HttpClient\MockHttpClient;
1617
use Symfony\Component\HttpClient\NativeHttpClient;
1718
use Symfony\Component\HttpClient\Psr18Client;
1819
use Symfony\Component\HttpClient\Psr18NetworkException;
1920
use Symfony\Component\HttpClient\Psr18RequestException;
21+
use Symfony\Component\HttpClient\Response\MockResponse;
2022
use Symfony\Contracts\HttpClient\Test\TestHttpServer;
2123

2224
class Psr18ClientTest extends TestCase
@@ -81,4 +83,22 @@ public function test404()
8183
$response = $client->sendRequest($factory->createRequest('GET', 'http://localhost:8057/404'));
8284
$this->assertSame(404, $response->getStatusCode());
8385
}
86+
87+
public function testInvalidHeaderResponse()
88+
{
89+
$responseHeaders = [
90+
// space in header name not allowed in RFC 7230
91+
' X-XSS-Protection' => '0',
92+
'Cache-Control' => 'no-cache',
93+
];
94+
$response = new MockResponse('body', ['response_headers' => $responseHeaders]);
95+
$this->assertArrayHasKey(' x-xss-protection', $response->getHeaders());
96+
97+
$client = new Psr18Client(new MockHttpClient($response));
98+
$request = $client->createRequest('POST', 'http://localhost:8057/post')
99+
->withBody($client->createStream('foo=0123456789'));
100+
101+
$resultResponse = $client->sendRequest($request);
102+
$this->assertCount(1, $resultResponse->getHeaders());
103+
}
84104
}

0 commit comments

Comments
 (0)
0