Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Resolve Host header and X-Forwarded-Proto regressions #95

Merged

Conversation

weierophinney
Copy link
Member

Q A
Documentation no
Bugfix yes
BC Break no
New Feature no
RFC no
QA yes

Description

The patch introduced in 2.11.1 introduced 2 regressions:

  • FilterUsingXForwardedHeaders was not filtering the X-Forwarded-Proto value before assigning it to the Uri instance, which could lead to exceptions when the value was not one of "http" or "https".
  • ServerRequestFactory::fromGlobals() was no longer considering the Host header when resolving the host and port, which could lead to unexpected values for both items in the generated Uri instance.

This patch introduces tests to ensure the regressions do not occur in future releases, and patches to resolve them.

This resolves a regression in 2.11.1 whereby FilterUsingXForwardedHeaders was using the X-Forwarded-Proto value without filtering it (which was done in prior releases).

Signed-off-by: Matthew Weier O'Phinney <matthew@weierophinney.net>
2.11.1 introduced a regression whereby the `Host` header was no longer being considered for purposes of generating the URI.
This patch adds those facilities to `ServerRequestFactory::fromGlobals()`, as well as a unit test.

Signed-off-by: Matthew Weier O'Phinney <matthew@weierophinney.net>
@weierophinney weierophinney added this to the 2.11.2 milestone Jun 29, 2022
@weierophinney weierophinney added the Bug Something isn't working label Jun 29, 2022
Signed-off-by: Matthew Weier O'Phinney <matthew@weierophinney.net>
@weierophinney weierophinney merged commit 78846cb into laminas:2.11.x Jun 29, 2022
@weierophinney weierophinney deleted the hotfix/host-proto-regressions branch June 29, 2022 14:15
@ketedrum
Copy link

ketedrum commented Jul 3, 2022

Hi guys,

One curious side-effect from this is that on a host with a port e.g localhost:8000, the port now appears twice in the Host header, i.e the Host header value now becomes localhost:8000:8000.

That's probably because $_SERVER['HTTP_HOST'] already contains the port within it (at least for the server I've observed this with, which is Caddy/v2.5.1). In this case, the $headers result from marshalHeadersFromSapi already has a port within the Host header.

marshalHostAndPortFromHeader correctly marshalls the port (but by this time the host itself has a port), therefore when checking for a port in marshalUriFromSapi and performing $uri->withPort($port) the resulting $uri repeats the port.

Not sure if I'm missing something here or if it's my server confguration, I noticed when ServerUrlHelper was generating two ports for this particular use case..

Many thanks.

@Ocramius
Copy link
Member

Ocramius commented Jul 3, 2022

@collinspamba please report a new issue, and if you can, add a failing test case to it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Bug Something isn't working
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants