[HttpClient] may leak InvalidArgumentException for malformed location header on redirect #58857

Closed
@TimWolla

Symfony version(s) affected

git 7.2

Description

When the returned location header for a 3xx HTTP response is of the form http:[a-z]+, Symfony HTTP client will throw Symfony\Component\HttpClient\Exception\InvalidArgumentException, which is not a legal Exception according to the contract of the HttpClient.

It should throw RedirectionException instead.

How to reproduce

<?php

use Symfony\Component\HttpClient\HttpClient;

require('vendor/autoload.php');

$client = HttpClient::create();
$response = $client->request(
    'GET',
    'http://localhost:8080/redirect.php'
);

var_dump($response->getHeaders());

running against redirect.php:

<?php
header('location: http:localhost');

with PHP's embedded HTTP server:

$ php -S localhost:8080
[Wed Nov 13 17:14:07 2024] PHP 8.3.13 Development Server (http://localhost:8080) started
[Wed Nov 13 17:14:15 2024] 127.0.0.1:53780 Accepted
[Wed Nov 13 17:14:15 2024] 127.0.0.1:53780 [302]: GET /redirect.php
[Wed Nov 13 17:14:15 2024] 127.0.0.1:53780 Closing

results in:

PHP Fatal error:  Uncaught Symfony\Component\HttpClient\Exception\InvalidArgumentException: Invalid URL: host is missing in "http:localhost". in symfony/src/Symfony/Component/HttpClient/HttpClientTrait.php:615
Stack trace:
#0 symfony/src/Symfony/Component/HttpClient/CurlHttpClient.php(442): Symfony\Component\HttpClient\CurlHttpClient::resolveUrl()
#1 symfony/src/Symfony/Component/HttpClient/Response/CurlResponse.php(429): Symfony\Component\HttpClient\CurlHttpClient::Symfony\Component\HttpClient\{closure}()
#2 symfony/src/Symfony/Component/HttpClient/Response/CurlResponse.php(86): Symfony\Component\HttpClient\Response\CurlResponse::parseHeaderLine()
#3 [internal function]: Symfony\Component\HttpClient\Response\CurlResponse::Symfony\Component\HttpClient\Response\{closure}()
#4 symfony/src/Symfony/Component/HttpClient/Response/CurlResponse.php(295): curl_multi_exec()
#5 symfony/src/Symfony/Component/HttpClient/Response/TransportResponseTrait.php(167): Symfony\Component\HttpClient\Response\CurlResponse::perform()
#6 symfony/src/Symfony/Component/HttpClient/Response/CommonResponseTrait.php(145): Symfony\Component\HttpClient\Response\CurlResponse::stream()
#7 symfony/src/Symfony/Component/HttpClient/Response/TransportResponseTrait.php(61): Symfony\Component\HttpClient\Response\CurlResponse::initialize()
#8 symfony/test.php(13): Symfony\Component\HttpClient\Response\CurlResponse->getHeaders()
#9 {main}
  thrown in symfony/src/Symfony/Component/HttpClient/HttpClientTrait.php on line 615

Possible Solution

This is related to #58836, which fixed the location header parsing for non-http schemes, e.g. location: localhost:8080.

Additional Context

No response
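
A caller-side check for the Location forms named in this issue, added here as an example; it is not code from the issue author or from Symfony. `checkRedirectTarget()` and `UnsafeRedirectTarget` are hypothetical names, and the base URL is assumed to be a bare origin. It reports every malformed or disallowed redirect target through a single exception type, so a hostile server cannot choose which exception the caller has to handle.

```php
<?php
declare(strict_types=1);

// Hypothetical exception type for this example (not a Symfony class).
final class UnsafeRedirectTarget extends \RuntimeException {}

/**
 * Hypothetical helper: accept a Location value only if it is an absolute
 * http(s) URL with a host, or an absolute path resolved against $baseOrigin.
 * Every rejection is thrown as UnsafeRedirectTarget.
 */
function checkRedirectTarget(string $location, string $baseOrigin): string
{
    $parts = parse_url($location);
    if ($parts === false) {
        throw new UnsafeRedirectTarget("Unparseable Location: $location");
    }

    if (isset($parts['scheme'])) {
        if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
            throw new UnsafeRedirectTarget("Scheme not allowed in Location: $location");
        }
        // "http:localhost" ends up here: a scheme is present, a host is not.
        if (($parts['host'] ?? '') === '') {
            throw new UnsafeRedirectTarget("Host is missing in Location: $location");
        }
        return $location;
    }

    // No scheme: accept only an absolute path, never "//host" or "host:port".
    if (isset($parts['host']) || !str_starts_with($location, '/') || str_starts_with($location, '//')) {
        throw new UnsafeRedirectTarget("Ambiguous Location without scheme: $location");
    }
    return rtrim($baseOrigin, '/') . $location;
}

// Constructed sample values; the first two are the forms mentioned in the issue.
$samples = ['http:localhost', 'localhost:8080', 'http://localhost:8080/next', '/next', 'ftp://localhost/x'];
foreach ($samples as $location) {
    try {
        echo 'follow: ', checkRedirectTarget($location, 'http://localhost:8080'), PHP_EOL;
    } catch (UnsafeRedirectTarget $e) {
        echo 'rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```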
