8000 [HttpFoundation] Remove Cache-Control when using https download via IE<9 (fixes #6750) · Pull Request #7153 · symfony/symfony · GitHub
[go: up one dir, main page]
Skip to content

[HttpFoundation] Remove Cache-Control when using https download via IE<9 (fixes #6750) #7153

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 5 commits into from
Closed

[HttpFoundation] Remove Cache-Control when using https download via IE<9 (fixes #6750) #7153

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
ef96dd7
[HttpFoundation] Remove Cache-Control when using https download via I…
Feb 22, 2013
81587db
Shortened test for HTTPS request
Feb 22, 2013
4ba4fe4
Added Tests for IE9&10
Feb 22, 2013
6255589
Fixed regular expression
Feb 22, 2013
3354d46
passed tests
Feb 22, 2013
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Next Next commit
[HttpFoundation] Remove Cache-Control when using https download via I… 
…E <9 (fixes #6750)
  • Loading branch information
Johannes Klauss committed Feb 22, 2013
commit ef96dd7900732f6ccb98edae06b8572836fd499a
8 changes: 8 additions & 0 deletions src/Symfony/Component/HttpFoundation/Response.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -253,6 +253,14 @@ public function prepare(Request $request)
$this->headers->set('expires', -1);
}

/**
* Check if we need to remove Cache-Control for ssl encrypted downloads when using IE < 9
* @link http://support.microsoft.com/kb/323308
*/
if (false !== stripos($this->headers->get('Content-Disposition'), 'attachment') && preg_match('/(?i)msie [1-8]/', $request->server->get('HTTP_USER_AGENT')) && null === $request->server->get('HTTPS')) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe 8000 this comment to others. Learn more.

You should replace null === $request->server->get('HTTPS') by $request->isSecure().

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this regex would match IE 10+ while it does not match IE9. Is it intended ?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

and btw, using a case-sensitivity modifer inside the regex is useless here. You could simply apply the i modifier on the whole regex(/msie [1-8]/i)

$this->headers->remove('Cache-Control');
}

return $this;
}

Expand Down
42 changes: 42 additions & 0 deletions src/Symfony/Component/HttpFoundation/Tests/ResponseTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -326,6 +326,48 @@ public function testContentTypeCharset()
$this->assertEquals('text/css; charset=UTF-8', $response->headers->get('Content-Type'));
}

public function testNoCacheControlHeaderOnAttachmentUsingHTTPSAndMSIE()
{
// Check for HTTPS and IE 8
$request = new Request();
$request->server->set('HTTPS', true);
$request->server->set('HTTP_USER_AGENT', 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0)');

$response = new Response();
$response->headers->set('Content-Disposition', 'attachment; filename="fname.ext"');
$response->prepare($request);

$this->assertFalse($response->headers->has('Cache-Control'));

// Check for IE 8 and HTTP
$request->server->set('HTTPS', false);

$response = new Response('', 200);
$response->headers->set('Content-Disposition', 'attachment; filename="fname.ext"');
$response->prepare($request);

$this->assertTrue($response->headers->has('Cache-Control'));

// Check for non-IE and HTTPS
$request->server->set('HTTPS', true);
$request->server->set('HTTP_USER_AGENT', 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.60 Safari/537.17');

$response = new Response('', 200);
$response->headers->set('Content-Disposition', 'attachment; filename="fname.ext"');
$response->prepare($request);

$this->assertTrue($response->headers->has('Cache-Control'));

// Check for non-IE and HTTP
$request->server->set('HTTPS', false);

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Plea&se add some tests with the IE9 and 10 user agents as your regex tries to exclude them.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@stof updated tests.

$response = new Response('', 200);
$response->headers->set('Content-Disposition', 'attachment; filename="fname.ext"');
$response->prepare($request);

$this->assertTrue($response->headers->has('Cache-Control'));
}

public function testPrepareDoesNothingIfContentTypeIsSet()
{
$response = new Response('foo');
Expand Down
0