bug #60547 [HttpFoundation] Fixed 'Via' header regex (thecaliskan)

nicolas-grekas · nicolas-grekas · commit f405d3ac0330 · 2025-05-30T09:36:27.000+02:00
This PR was merged into the 6.4 branch. Discussion ---------- [HttpFoundation] Fixed 'Via' header regex | Q | A | ------------- | --- | Branch? | 6.4 | Bug fix? | yes | New feature? | no | Deprecations? | no | Issues | - | License | MIT #### 📝 Purpose This MR updates the regular expression used to extract the HTTP protocol version from the `Via` header in the `Request::getProtocolVersion()` method. #### 🎯 Summary of Changes **Old regex:** ```php ~^(HTTP/)?([1-9]\.[0-9]) ~ ``` This pattern failed to match valid values like HTTP/1.1 or 2.0 when there was no trailing space. As a result, values passed from proxies (e.g., via proxy_set_header Via $server_protocol;) were not detected correctly. New regex: ```php ~^(HTTP/)?([1-9]\.[0-9])\b~ ``` #### ✅ Benefits - Replaces dependency on a trailing space with `\b` (word boundary), allowing the regex to match both space-terminated and non-space-terminated inputs. - Correctly handles common `Via` header formats such as: - `HTTP/1.1` - `2.0` - `HTTP/2.0 nginx-proxy` - `1.1 custom-hop` - Ensures compatibility with reverse proxy configurations (e.g., Nginx, Traefik) where the `Via` header may vary in format. - Improves robustness and reliability of HTTP version detection in proxied environments. Commits ------- 4bfb8da fixed Via regex
diff --git a/src/Symfony/Component/HttpFoundation/Request.php b/src/Symfony/Component/HttpFoundation/Request.php
@@ -1466,7 +1466,7 @@ public function isMethodCacheable(): bool
     public function getProtocolVersion(): ?string
     {
         if ($this->isFromTrustedProxy()) {
-            preg_match('~^(HTTP/)?([1-9]\.[0-9]) ~', $this->headers->get('Via') ?? '', $matches);
+            preg_match('~^(HTTP/)?([1-9]\.[0-9])\b~', $this->headers->get('Via') ?? '', $matches);
 
             if ($matches) {
                 return 'HTTP/'.$matches[2];
diff --git a/src/Symfony/Component/HttpFoundation/Tests/RequestTest.php b/src/Symfony/Component/HttpFoundation/Tests/RequestTest.php
@@ -2402,6 +2402,8 @@ public static function protocolVersionProvider()
             'trusted with via and protocol name' => ['HTTP/2.0', true, 'HTTP/1.0 fred, HTTP/1.1 nowhere.com (Apache/1.1)', 'HTTP/1.0'],
             'trusted with broken via' => ['HTTP/2.0', true, 'HTTP/1^0 foo', 'HTTP/2.0'],
             'trusted with partially-broken via' => ['HTTP/2.0', true, '1.0 fred, foo', 'HTTP/1.0'],
+            'trusted with simple via' => ['HTTP/2.0', true, 'HTTP/1.0', 'HTTP/1.0'],
+            'trusted with only version via' => ['HTTP/2.0', true, '1.0', 'HTTP/1.0'],
         ];
     }
 

Original file line number	Diff line number	Diff line change
`@@ -1466,7 +1466,7 @@ public function isMethodCacheable(): bool`
`1466`	`1466`	`public function getProtocolVersion(): ?string`
`1467`	`1467`	`{`
`1468`	`1468`	`if ($this->isFromTrustedProxy()) {`
`1469`		`- preg_match('~^(HTTP/)?([1-9]\.[0-9]) ~', $this->headers->get('Via') ?? '', $matches);`
	`1469`	`+ preg_match('~^(HTTP/)?([1-9]\.[0-9])\b~', $this->headers->get('Via') ?? '', $matches);`
`1470`	`1470`
`1471`	`1471`	`if ($matches) {`
`1472`	`1472`	`return 'HTTP/'.$matches[2];`
Original file line number	Diff line number	Diff line change
`@@ -2402,6 +2402,8 @@ public static function protocolVersionProvider()`
`2402`	`2402`	`'trusted with via and protocol name' => ['HTTP/2.0', true, 'HTTP/1.0 fred, HTTP/1.1 nowhere.com (Apache/1.1)', 'HTTP/1.0'],`
`2403`	`2403`	`'trusted with broken via' => ['HTTP/2.0', true, 'HTTP/1^0 foo', 'HTTP/2.0'],`
`2404`	`2404`	`'trusted with partially-broken via' => ['HTTP/2.0', true, '1.0 fred, foo', 'HTTP/1.0'],`
	`2405`	`+ 'trusted with simple via' => ['HTTP/2.0', true, 'HTTP/1.0', 'HTTP/1.0'],`
	`2406`	`+ 'trusted with only version via' => ['HTTP/2.0', true, '1.0', 'HTTP/1.0'],`
`2405`	`2407`	`];`
`2406`	`2408`	`}`
`2407`	`2409`