Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: use addHeader() #8240

Merged
merged 7 commits into from
Nov 28, 2023
Merged

fix: use addHeader() #8240

merged 7 commits into from
Nov 28, 2023

Conversation

kenjis
Copy link
Member

@kenjis kenjis commented Nov 21, 2023

Description
Follow-up #8194
Fixes #5041

Checklist:

  • Securely signed commits
  • Component(s) with PHPDoc blocks, only if necessary or adds value
  • Unit testing, with >80% coverage
  • User guide updated
  • Conforms to style guide

@kenjis kenjis added bug Verified issues on the current code behavior or pull requests that will fix them 4.5 labels Nov 21, 2023
@kenjis kenjis marked this pull request as draft November 21, 2023 08:58
 ------ --------------------------------------------------
  Line   system/HTTP/CURLRequest.php
 ------ --------------------------------------------------
  485    Call to an undefined method
         CodeIgniter\HTTP\ResponseInterface::addHeader().
 ------ --------------------------------------------------
 ------ -------------------------------------------------------------------
  Line   system/Debug/Toolbar.php
 ------ -------------------------------------------------------------------
  150    Binary operation "+" between non-falsy-string and 1 results in an
         error.
  175    Binary operation "+" between non-falsy-string and 1 results in an
         error.
 ------ -------------------------------------------------------------------
@NicolaeIotu
Copy link
Contributor

I'm setting up the environment and revert when done testing

Copy link
Contributor

@NicolaeIotu NicolaeIotu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi,

Not recommended for production as it is.
I tested these changes and found the following:

  1. Cannot find method addHeader. Is this method added recently? Action: replaced with method appendHeader and continued testing
  2. File system/HTTP/CURLRequest.php @ change "if ($this->response instanceof Response) {": this check may be feasible but not here. If $this->response is not a Response why $this->response->setHeader(... ? and what is the connection with the existence of a certain header? Action: replaced with "if ($this->response->hasHeader($title)) {" and continued testing
  3. This observation may or may not be correct or acceptable for the framework. I'm personally redirecting while appending set-cookie headers obtained from a remote CURLRequest. When this happens my proposal is able to detect all the headers (including the ones appended manually) and 'sendHeaders' correctly in file system/HTTP/ResponseTrait.php. This is a sensitive syntax or you won't be able to get all the headers:
foreach (array_keys($this->headers()) as $name)
{
        $headerValue = $this->getHeader($name)->getValue();
        // !!! custom adjustment to framework
        if(is_array($headerValue)) {
                foreach ($headerValue as $h_value) {
                        header($name . ': ' . $h_value, false, $this->getStatusCode());
                }
        } else {
                header($name . ': ' . $this->getHeaderLine($name), false, $this->getStatusCode());
        }
}

Bottom line is that the change in file system/HTTP/ResponseTrait.php may be correct, but cannot detect all the headers including the ones set manually.


The following is probably a subject for another PR.
When CURLRequest 'verify' is set to false the only action taken is "$curlOptions[CURLOPT_SSL_VERIFYPEER] = $config['verify']".
This may appear to be correct, but actually it relies on a few defaults and assumptions which are mostly correct except for some use cases.
If the request is done to services on private networks where there is no intention or possibility of making host checks when doing SSL requests, then these requests will fail.
For my purposes I'm just adding the following:

if ($config['verify'] === FALSE) {
    $curlOptions[CURLOPT_SSL_VERIFYHOST] = 0;
}

Note that requests to services on private networks are something common nowadays. It may be useful to add an option for CURLOPT_SSL_VERIFYHOST. Some will want to make the checks and some will want to skip this check.
For example the tool curl has the option -k which skips any SSL checks. This is very useful on private networks a.o. cases.

That's all I could find for now. I really hope it helps.

@kenjis
Copy link
Member Author

kenjis commented Nov 22, 2023

Cannot find method addHeader. Is this method added recently? Action: replaced with method appendHeader and continued testing

Can you tell us what you did to test this?
You must checkout this PR branch or download the branch.
https://github.com/kenjis/CodeIgniter4/tree/fix-use-addHeader

@kenjis
Copy link
Member Author

kenjis commented Nov 22, 2023

The CURLOPT_SSL_VERIFYHOST thing has nothing to do with this PR, so please don't put it here.
It will be forgotten once this PR is completed.
If you think it is a bug, please submit a PR or create an Issue.

@NicolaeIotu
Copy link
Contributor

Okay. Found the branch. I'm gonna revert when done testing because I have to merge again with my implementation. Sorry for the delay.
As far as I can see in order to make a PR you need a fork of the project and a branch which will include some commits. Is that correct technically?

Copy link
Contributor

@NicolaeIotu NicolaeIotu left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done testing.

File ResponseTrait.php: I cannot make it work without the suggested changes.

For file CURLRequest.php I think we can agree to replace if ($this->response instanceof Response) { with if ($this->response->hasHeader($title)) {.

Others changes are only suggestions in order to avoid any errors.

Comment on lines +107 to +109
foreach ($value as $header) {
$headers[$name][] = $header->getValueLine();
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
foreach ($value as $header) {
$headers[$name][] = $header->getValueLine();
}
if(is_array($value)) {
foreach ($value as $header) {
$headers[$name][] = $header->getValueLine();
}
}

Comment on lines +148 to +153
foreach ($value as $i => $header) {
$index = $i + 1;
$data['vars']['headers'][esc($name)] ??= '';
$data['vars']['headers'][esc($name)] .= ' (' . $index . ') '
. esc($header->getValueLine());
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
foreach ($value as $i => $header) {
$index = $i + 1;
$data['vars']['headers'][esc($name)] ??= '';
$data['vars']['headers'][esc($name)] .= ' (' . $index . ') '
. esc($header->getValueLine());
}
if(is_array($value)) {
foreach ($value as $i => $header) {
$index = $i + 1;
$data['vars']['headers'][esc($name)] ??= '';
$data['vars']['headers'][esc($name)] .= ' (' . $index . ') '
. esc($header->getValueLine());
}
}

Comment on lines +401 to +416
foreach ($this->headers() as $name => $value) {
if ($value instanceof Header) {
header(
$name . ': ' . $value->getValueLine(),
false,
$this->getStatusCode()
);
} else {
foreach ($value as $header) {
header(
$name . ': ' . $header->getValueLine(),
false,
$this->getStatusCode()
);
}
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
foreach ($this->headers() as $name => $value) {
if ($value instanceof Header) {
header(
$name . ': ' . $value->getValueLine(),
false,
$this->getStatusCode()
);
} else {
foreach ($value as $header) {
header(
$name . ': ' . $header->getValueLine(),
false,
$this->getStatusCode()
);
}
}
foreach (array_keys($this->headers()) as $name)
{
$headerValue = $this->getHeader($name)->getValue();
if(is_array($headerValue)) {
foreach ($headerValue as $h_value) {
header($name . ': ' . $h_value, false, $this->getStatusCode());
}
} else {
header($name . ': ' . $this->getHeaderLine($name), false, $this->getStatusCode());
}
}

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't know why my code does not work for you.
It seems your code does the same thing.

What was wrong? Any error message?


$this->response->setHeader($title, $value);
if ($this->response instanceof Response) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
if ($this->response instanceof Response) {
if ($this->response->hasHeader($title)) {

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We cannot remove if ($this->response instanceof Response) because the type of $this->response is ResponseInterface, and it does not have the addHeader() method.

Comment on lines +168 to +170
foreach ($value as $header) {
$this->addHeader($name, $header->getValue());
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
foreach ($value as $header) {
$this->addHeader($name, $header->getValue());
}
if(is_array($value)) {
foreach ($value as $header) {
$this->addHeader($name, $header->getValue());
}
}

@kenjis
Copy link
Member Author

kenjis commented Nov 24, 2023

As far as I can see in order to make a PR you need a fork of the project and a branch which will include some commits. Is that correct technically?

Yes, you can send one PR with one branch.

@kenjis kenjis merged commit b4f6af0 into codeigniter4:4.5 Nov 28, 2023
45 checks passed
@kenjis kenjis deleted the fix-use-addHeader branch November 28, 2023 21:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
4.5 bug Verified issues on the current code behavior or pull requests that will fix them
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants