Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Sanitize Host header value across all requests #173

Merged
merged 4 commits into from
Apr 22, 2017

Conversation

clue
Copy link
Member

@clue clue commented Apr 21, 2017

This PR makes sure to sanitize the Host header value across all requests.

This means that all of these examples now correctly return the same URI and also the same Host header value example.com without the default port in this case:

GET / HTTP/1.0\r\nHost: example.com\r\n\r\n
GET / HTTP/1.0\r\nHost: example.com:80\r\n\r\n
GET http://example.com/ HTTP/1.0\r\n\r\n
GET http://example.com:80/ HTTP/1.0\r\n\r\n

Also, HTTP/1.0 allows requests with no Host header at all. In this case, it will simply use the local socket address as the host value. This ensures that getUri() always returns a full URI.

This PR may look a bit heavy, but most of the changes are actually added tests and some of the existing URI validation logic moved from the Server to the RequestHeaderParser.

Builds on top of #169, which builds on top of #167, #158 and #157.

@WyriHaximus WyriHaximus merged commit a3b1a84 into reactphp:master Apr 22, 2017
@clue clue deleted the host branch April 22, 2017 09:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants