[HttpClient] Psr18Client ignore invalid HTTP headers #47415
Conversation
|
Hey! I see that this is your first PR. That is great! Welcome! Symfony has a contribution guide which I suggest you to read. In short:
Review the GitHub status checks of your pull request and try to solve the reported issues. If some tests are failing, try to see if they are failing because of this change. When two Symfony core team members approve this change, it will be merged and you will become an official Symfony contributor! I am going to sit back now and wait for the reviews. Cheers! Carsonbot |
|
This doesn't seem legit to me. The HTTP 1.1 specification doesn't allow spaces before names. |
|
This is true, normally it must not be space. But I am sending a request to the payment gateway of the old State Bank. And they have this issue in their header response. As this trimming is done on other HTTP client libraries, I thought we could also add it in symfony client |
|
Can you share a raw response from this server? (after removing any confidential info of course) |
|
This is the example curl command: curl_setopt_array($curl, [
CURLOPT_HEADER => true,
CURLOPT_URL => 'https://3dsecure.vakifbank.com.tr:4443/MPIAPI/MPI_Enrollment.aspx',
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => '',
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 0,
CURLOPT_FOLLOWLOCATION => true,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => 'POST',
CURLOPT_POSTFIELDS => 'MerchantId=000000000111111&MerchantPassword=3XTgER89as&MerchantType=0&PurchaseAmount=1.01&VerifyEnrollmentRequestId=ce7067e9ccd023889124a8dde4b5fd5b&Currency=949',
CURLOPT_HTTPHEADER => [
'Host: 3dsecure.vakifbank.com.tr',
'User-Agent: Symfony HttpClient/Curl',
'Content-Type: application/x-www-form-urlencoded'
],
]);
$response = curl_exec($curl);
$header_size = curl_getinfo($curl, CURLINFO_HEADER_SIZE);
$header = substr($response, 0, $header_size);
curl_close($curl);you can also run it and check. Here is what I see when I dump this |
|
Do browsers understand this header? Any link that tells about that? |
|
This is an API call, browsers don't render the content received from this response. I just parse the XML response and use the data I get. curl --location --request POST 'https://3dsecure.vakifbank.com.tr:4443/MPIAPI/MPI_Enrollment.aspx' \
--header 'Host: 3dsecure.vakifbank.com.tr' \
--header 'User-Agent: Symfony HttpClient/Curl' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'MerchantId=000000000111111' \
--data-urlencode 'MerchantPassword=3XTgER89as' \
--data-urlencode 'MerchantType=0' \
--data-urlencode 'PurchaseAmount=1.01' \
--data-urlencode 'VerifyEnrollmentRequestId=ce7067e9ccd023889124a8dde4b5fd5b' \
--data-urlencode 'Currency=949'
|
|
OK understood. Let's do as postman, aka ignore invalid headers. |
|
All right, I will do necessary changes within this week. |
|
Hi @nicolas-grekas, I did the changes you asked |
|
Thank you @nuryagdym. |
…ders (nicolas-grekas) This PR was merged into the 5.4 branch. Discussion ---------- [HttpClient] Ensure HttplugClient ignores invalid HTTP headers | Q | A | ------------- | --- | Branch? | 5.4 | Bug fix? | yes | New feature? | no | Deprecations? | no | Tickets | - | License | MIT | Doc PR | - Something we forgot in #47415 Commits ------- f702e66 [HttpClient] Ensure HttplugClient ignores invalid HTTP headers
Hi,
I working on a library that I am working on supports PSR-18 and PSR-7 implementations.
I tried following PSR-7 libraries:
nyholm/psr7
laminas/laminas-diactoros
slim/psr7
and following PSR-18 clients:
php-http/curl-client
symfony/http-client
guzzlehttp/guzzle
and when I tried combination of all these PSR-7 and PSR-18 libraries.
I faced issue only on
symfony/http-clientPsr18Client client.Error is caused when I received response with header name containing leading space " x-xss-protection". This library does not trim response header names that is why all 3 PSR-7 libraries throwing error "Header values must be RFC 7230 compatible strings" when used in combination with
symfony/http-client.The other 2 PSR-18 clients trim header names:
guzzlehttp/guzzle: GuzzleHttp\Handler\CurlFactory::createHeaderFn()
php-http/curl-client: Http\Client\Curl\Client::prepareRequestOptions()
So, I added trim line on Psr18Client, hope it does not break anything, it is working for me at least.
I guess this fix should be done on all maintained versions of this library as well.
PS
I also, tried to trim using
Symfony\Component\HttpClient\HttpClientTrait::normalizeHeaders()but it does not do anything about this leading space in the header name.