Skip to content

Sanitize Host header value across all requests#173

Merged
WyriHaximus merged 4 commits intoreactphp:masterfrom
clue-labs:host
Apr 22, 2017
Merged

Sanitize Host header value across all requests#173
WyriHaximus merged 4 commits intoreactphp:masterfrom
clue-labs:host

Conversation

@clue
Copy link
Member

@clue clue commented Apr 21, 2017

This PR makes sure to sanitize the Host header value across all requests.

This means that all of these examples now correctly return the same URI and also the same Host header value example.com without the default port in this case:

GET / HTTP/1.0\r\nHost: example.com\r\n\r\n
GET / HTTP/1.0\r\nHost: example.com:80\r\n\r\n
GET http://example.com/ HTTP/1.0\r\n\r\n
GET http://example.com:80/ HTTP/1.0\r\n\r\n

Also, HTTP/1.0 allows requests with no Host header at all. In this case, it will simply use the local socket address as the host value. This ensures that getUri() always returns a full URI.

This PR may look a bit heavy, but most of the changes are actually added tests and some of the existing URI validation logic moved from the Server to the RequestHeaderParser.

Builds on top of #169, which builds on top of #167, #158 and #157.

@clue clue added this to the v0.7.0 milestone Apr 21, 2017
@WyriHaximus WyriHaximus merged commit a3b1a84 into reactphp:master Apr 22, 2017
@clue clue deleted the host branch April 22, 2017 09:26
@clue clue mentioned this pull request Jun 15, 2017
Merged
@clue clue mentioned this pull request Jul 27, 2017
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jsor jsor jsor approved these changes

@WyriHaximus WyriHaximus WyriHaximus approved these changes

Assignees

No one assigned

Labels

HTTP/1.0 HTTP/1.1 new feature

Projects

None yet

Milestone

v0.7.0

Development

Successfully merging this pull request may close these issues.

3 participants

@clue @jsor @WyriHaximus