[HttpFoundation] Find the original request protocol version #21469
Conversation
dcad2b9 to
30f246f
Compare
| public function getOriginalProtocolVersion() | ||
| { | ||
| if ($this->isFromTrustedProxy()) { | ||
| preg_match('~^(HTTP/)?([1-9].[0-9]) ~', $this->headers->get('Via'), $matches); |
There was a problem hiding this comment.
The . must be escaped (currently it matches HTTP/1^1 for instance).
|
The other methods that use |
|
Status: needs work |
|
Security issue: why should "Via" be trusted? |
|
@nicolas-grekas I used the term 'original' to distinguish the request that the user originally made (to some proxy) with the one that PHP has received. Happy to rename if there's a more suitable term. |
| @@ -1536,6 +1536,24 @@ public function isMethodCacheable() | |||
| } | |||
|
|
|||
| /** | |||
| * Returns the original protocol version. | |||
There was a problem hiding this comment.
This description should be improved to explain very briefly what does "the original protocol" mean. Thanks!
|
We don't make any distinction for "original" host/ip/proto/port. I don't see why this shouldn't be the same for the version of the proto. |
|
The response should be the protocol version used by the proxy, not the original client, so they need to be kept separate. |
|
Maybe can we add a method to parse the It may be interesting to know the original protocol version (for instance to add |
that's exactly my point yes: getHost, isSecure, getPort all return the info as used by the client - not the proxy. This should be the same here to me. |
|
👎 Your application is talking to the proxy, so we should return the HTTP protocol of the proxy, not the one used between the client and the proxy. I understand the use case, but that should be done in your application, not in Symfony. |
|
The protocol version isn't being changed in the response. |
|
Thank you @thewilkybarkid. |
…rsion (thewilkybarkid) This PR was submitted for the master branch but it was merged into the 3.4 branch instead (closes #21469). Discussion ---------- [HttpFoundation] Find the original request protocol version | Q | A | ------------- | --- | Branch? | master | Bug fix? | no | New feature? | yes | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | #21415 | License | MIT | Doc PR | Adds a new method to `Request` to find the original protocol version from the `Via` header, if the request is from a trusted proxy. Commits ------- 5a37f84 [HttpFoundation] Find the original request protocol version
Adds a new method to
Requestto find the original protocol version from theViaheader, if the request is from a trusted proxy.