[HttpKernel] Do not enable HtmlDumper if the request is issued by curl #13915
Conversation
|
👍 |
|
What happens with Because |
|
I do want to use curl and dump... |
|
@kingcrunch Taking a look at the code, it has no incidence on other HTTP clients, as long as they don't use the same user-agent as cURL. @lyrixx A better approach may be to use the Cli dumper when a specific header is set (like X-Dumper-Format=Cli or X-Dumper-Format=Raw) from the HTTP client, which would switch the dumper from the HTML dumper to the console dumper (or even a raw dumper). This would be much more useful than simply using the user-agent to switch the dumper's strategy :) |
|
please, no user agent specific behaviour. |
Actually exactly that's the point. Now this introduces a special case for Another point against that: When I make a request against an URL I expect that same output a browser would see, because why else should I request an URL? Additionally there may be some ""tidy"-like functionality, or something like that, that this may break, because (I don't know exactly) it could end in invalid HTML. Just my 2 cents :) |
|
you could do with with an accept header instead, if you're really trying to get text. |
|
I totally understand your point of view. And indeed using accept or custom header is cleaner. But here, I really prefer simplicity .I don't want to add custom header each time I had to debug an API. About wget and other: How many time did you use wget to debug an API ? How to you create a POST request with wget ? I might be possible, but seriously, no one debug with wget... |
|
but i do use other http clients that aren't curl or wget. |
|
specifically i use https://github.com/jakubroztocil/httpie which has an httpie/$version user agent. It's much better than curl for most cases imo. |
| { | ||
| // if the request is issued by curl, we do not enable HTML dumper; | ||
| if (false !== strpos($event->getRequest()->headers->get('user-agent'), 'curl/')) { |
There was a problem hiding this comment.
Could we change this condition to enable this behavior only for requests not initiated via CLI?
if ('cli' !== php_sapi_name()) {
CliDumper::$defaultColors = true;
CliDumper::$defaultOutput = 'php://output';
return;
}There was a problem hiding this comment.
I don't understand your comment. It should be 'cli' === ? Anyway, it will not work, because here the sapi IS fpm (or mod php) even if the request comes for curl
There was a problem hiding this comment.
You are right! Forget my comment. I just wondering if there is a way to detect requests made via the CLI, not via a particular user agent.
|
So, the use case is debugging with |
|
@jrobeson I use httpie too ; I could add an exception for But IMHO http works better for an API than for plain HTML. (anyway, that's out of PR scope ;) ) Do you really want to add another header every time you want to debug? Are you feeling comfortable with the current workflow? I have the feeling If we use this header, nobody will be aware of this feature, and people will continue to rant about the ugly output. And even If they know about the special header, they will not using it, because it's not straightforward (me first) to address the issue
=> So, again, Are you sure you want that by default? |
@nicolas-grekas So each time I debug my app with curl, I need to edit my |
|
Or, we could move the condition to the config layer, and use the expression language to evaluate it.
|
So you recommend to enforce a header to get the normal result, but by default change the result depending on who is making the request? That sounds unintuitive. |
|
@lyrixx @nicolas-grekas What about injecting a custom header, as mentioned earlier?
|
Yes, because here, we are talking about debug. A call to the dump function should not be committed, and is available only in dev environment. So I believe it's better to be pragmatic here.
I did not change at all the behavior of HTMLDumper.
Yes, @csarrazi I already answered your question
|
|
If you folks do decide on something, then maybe also disable html_errors php.ini setting, so var_dump prints non html output too. |
|
Once again, the problem with the user-agent is that you may have unwanted side-effects. Also, another issue is that your markup won't display properly if you are using |
|
@lyrixx : the point is.. whatever we wend up switching to decide whether to show a "text mode" variable dump, then we should also twiddle the ini_setting, so var_dump() works too. Let's not add a hack for guzzle too. |
|
It will not be a hack, just a stricter comparison |
|
A lot of you are raising valid concerns about this, but at the end, I think Gregoire's original idea is the right thing to do. Just think about this: right now, when you use
Now asks yourselves: is there any reason why you ever would want that HTML nonsense instead of this useful text dump?
|
|
@javiereguiluz : nobody disagrees with the WHY, only the HOW. |
|
Some people said that the proposed behavior shouldn't be the default behavior. My comment was about: when/why would you want this proposal not to be the default behavior (when using curl)? |
|
@javiereguiluz when you pipe the cURL output to a file that you then view with your browser :) |
|
@nicolas-grekas is that workflow common? I thought that in those cases people used browser extensions such as Postman and Advanced REST Client. |
|
What's wrong with something like? No ugly agent sniffing hacks needed. |
|
1/ You need to know more things |
|
I personally use |
But that falls down if you are testing something that properly does content negotiation, say your bug is only in your JSON output which requires an Using expression language seems like the best bet, users have the flexibility to tweak it match their requirements. |
|
I'm totaly for this feature (I often have the same needs as you @lyrixx ), but I'm for @csarrazi solution: custom header instead of this kind of "hack" (not the good word, but I'm sure you understand). We already use a custom I like also the @nicolas-grekas suggest, this why environnements are made: have a specific configuration :) |
|
Just pushed a new commit to be able to configure the expression... |
|
@mickaelandrieu |
|
@lyrixx I'm fine too with the EL! :) |
|
@mickaelandrieu What are you talking? |
|
|
||
| namespace Symfony\Bundle\DebugBundle; | ||
|
|
||
| use Symfony\Component\Security\Core\Authorization\ExpressionLanguage as BaseExpressionLanguage; |
There was a problem hiding this comment.
is there a reason for not using Symfony\Component\ExpressionLanguage ?
|
It looks like nobody agree on this one. Closing it. I hope someone will find a better solution. |
|
@lyrixx Too bad, I agreed with the selected option and I don't have seen anyone realy opposed to it /c @stof @aitboudad . Did you agree to re open it ? |
|
@lyrixx I was fine too with the EL version, provided you switch to a function provider :) |
|
It's better than nothing 👍 |
|
What about defining a second optional argument to the dump($variable); // outputs 'html'
dump($variable, 'html'); // outputs 'html'
dump($variable, 'txt'); // outputs 'txt'Another idea, what about defining a new function with dump($variable); // outputs 'html'
dump_html($variable); // outputs 'html'
dump_txt($variable); // outputs 'txt' |
|
@javiereguiluz The second option sounds better, because the |
|
Apparently, Laravel project is facing the same issues with the VarDumper component when debugging APIs. Here it is the PR proposed to fix it: laravel/framework#8556 |
|
@javiereguiluz The PR you linked doesn't fix anything with the component. It would just allows Laravel developers to easily replace the dumper instance with one of their own. |
If the request is issue by curl the output of
dumpfunction is in HTML, and so it's "dirty".So, with this patch and the following code, I could get:
In web:
in cli:
\o/