-
-
Notifications
You must be signed in to change notification settings - Fork 9.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[HttpFoundation] Request without content-type or content-length header should result in null values, not empty strings #53432
[HttpFoundation] Request without content-type or content-length header should result in null values, not empty strings #53432
Conversation
It sounds useful to me, but I am not sure what the spec is here (cc @stof). |
Perhaps add a deprecation layer for previous version and change for next? |
I dug deeper and found that it only happens with The result: https://github.com/priyadi/php-empty-content-type-length-test/blob/main/output.txt I believe the correct way forward is to treat this as a bug in We can assume an empty CONTENT_TYPE and CONTENT_LENGTH means the headers are not in the request, as the current state of this PR. Or, we can add a check for I leave the decision to the core devs. |
Ping @symfony/mergers |
According to the CGI spec, not set and empty are equivalent and allowed:
https://www.rfc-editor.org/rfc/rfc3875#section-4.1 As PHP inherits from this spec, we should take empty values in consideration. |
To me, it's a bug fix as we aren't currently spec-compliant. |
@dunglas Do you think we need to extend the same treatment to all headers? i.e. we unset the header if the value is an empty string. |
We could apply something like |
…r should result in null values, not empty strings
95facae
to
3a5b25c
Compare
Thank you @priyadi. |
before doing that, we should verify that there is a SAPI that can report empty strings for headers. |
An HTTP request without content-type and content length will result in the variables
$_SERVER['CONTENT_TYPE']
and$_SERVER['CONTENT_LENGTH']
having an empty string in PHP.For example, the request:
(from curl invocation:
curl -X 'POST' 'http://app.dev.localhost:8000/' -H 'Content-Type:' -H 'Content-length:' -d '' -v> /dev/null
)It will result in the variables
$_SERVER['CONTENT_TYPE']
and$_SERVER['CONTENT_LENGTH']
containing an empty string.In turn,
$request->headers->get('Content-type')
and$request->headers->get('Content-length')
also result in an empty string.This PR changes so that
$request->headers->get('Content-type')
and$request->headers->get('Content-length')
will reflect the original state of the request header, that they return null (due to the fact the headers did not exist in the request), not an empty string (erroneously implying the client sent an empty content-type and content-length headers).