The HttpFoundation component defines an object-oriented layer for the HTTP specification.

Overview
Comments
  • Use Memcache::replace() first instead of Memcache::set():

    Using Memcache::set() in a multi-server environment can yield unexpected results: http://docs.php.net/manual/en/memcache.replace.php#100023

    It's best to attempt replace() first and only use set() if the key does not exist.

    opened by till 4
  • [cache] #45109 add stale while revalidate cache header

    opened by remilemonnier 3
  • Fix for session_start() which doesn't check if the session has already started

    session_start() runs in the current logic for Native Sessions here without checking first if the session has already started previous to the code running.

    opened by sc0ttkclark 3
  • Prevent browser bfcache by default

    Back / forward cache seems to be a fairly recent feature browsers seem to roll out.

    More information can be found here: https://web.dev/bfcache.

    Long story short, when a user, for example, logs in and then logs out of a given application, they could then hit the "Back" button in their browser and access the login page again with the credentials pre-filled, as the page would be served from the bfcache. This could lead to security concerns, especially on shared devices where someone could inspect the page and retrieve some user credentials.

    Currently, the sensible defaults for the HTTP cache headers seem to be no-cache, private in order to be conservative by default. A lot of applications currently rely on this to be the sensible default for their application too.

    Replacing no-cache with no-store would prevent bfcache from kicking in in any browser and could be considered a more secure default.

    no-cache shows that returned responses can't be used for subsequent requests to the same URL before checking if server responses have changed. If a proper ETag (validation token) is present as a result, no-cache incurs a roundtrip in an effort to validate cached responses. Caches can however eliminate downloads if the resources haven't changed. In other words, web browsers might cache the assets but they have to check on every request if the assets have changed (304 response if nothing has changed).

    On the contrary, no-store is simpler. This is the case because it disallows browsers and all intermediate caches from storing any versions of returned responses, such as responses containing private/personal information or banking data. Every time users request this asset, requests are sent to the server. The assets are downloaded every time.

    More information can be found here: https://www.keycdn.com/blog/http-cache-headers#no-cache-and-no-store

    The purpose of this PR is to start the discussion rather than bringing a definite solution.

    opened by clemblanco 2
  • Only manipulate headers if not already sent

    When you want to send headers before request finishes via

    use Symfony\Component\HttpFoundation\HeaderUtils;
    use Symfony\Component\HttpFoundation\Response;

    class MyController  {
      public function myAction() {
          $response = new Response();
          $response->headers->set(
              'Content-Disposition',
              HeaderUtils::makeDisposition(
                  HeaderUtils::DISPOSITION_ATTACHMENT,
                  'file.txt'
              )
          );

          // send the headers to the client before the body is ready
          $response->sendHeaders();
          ob_flush();
          flush();

          // do some work to populate response
          sleep(5); // this is only for demonstration purposes

          return $response;
      }
    }
    

    I get a warning error

    E_WARNING: Cannot modify header information - headers already sent in [Root folder]/vendor/symfony/http-foundation/Session/SessionUtils.php, line 54

    With this PR the headers only get manipulated during the kernel.response event if the headers have not already been sent.

    opened by BlackbitDevs 2
  • Remove `array_reverse` function in x-forwarded-for ip address list

    I don't know who suggested the "we should reverse the x-forwarded-for IP address list" idea or who accepted it, but this behavior is wrong. The client IP address is the first one in the x-forwarded-for IP address list, and if there are one or more gateways between client and server, the gateway IP addresses are added at the end of the array.

    References:

    • https://en.wikipedia.org/wiki/X-Forwarded-For
    • https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For
    opened by om3rcitak 2
  • Support code 300 (again) in isRedirect() or explain why not.

    Added 300 code to array of valid redirections in isRedirect().
    This remains consistent with deprecated isRedirection() which checked >= 300.

    Not supporting 300 has effects on downstream projects drupal/redirect : https://www.drupal.org/node/2920454

    If there is a good reason for removing support for 300, perhaps it would be a good time to document that.

    Thanks!

    opened by yareckon 2
  • Cache ipCheck

    In our app we use trusted proxies. Using Blackfire we found IpUtils::checkIp was being called 454 times taking 3.15ms. Caching the result saves those 3ms.

    opened by gonzalovilaseca 2
  • Adjust $requestUri in case of Apache and mod_rewrite.

    When Apache does an internal redirect with mod_rewrite, it stores the proper URI in the server variable REDIRECT_URL.

    Patch to adjust creating $requestUri based on this variable.

    opened by ygerasimov 2
  • Cache a parsed Request in static property

    Normally you wouldn't call Request::createFromGlobals() more than once, but sometimes it happens due to bad design in legacy code. Instead of processing the same request data on every call, the parsed result should be stored in a static property on the first call and return the cached data on subsequent calls.

    opened by andreas-bergstrom 2
  • Output buffers must be properly flushed

    Output buffers must be properly flushed so the following example could work as expected.

    /**
     * Example
     */
    // Creates new response object
    $response = new Response(
        'Not found!',
        404,
        array('Content-Type' => 'text/html')
    );
    // Adds HTTP headers required to close the connection
    $response->headers->add(
        array(
            'Connection' => 'close',
            'Content-Length' => strlen($response->getContent()),
        )
    );
    // Sends HTTP response
    $response->send();

    opened by SamvelG 2
  • Automatic conversion of false to array is deprecated

    See PHP RFC: Deprecate autovivification on false https://wiki.php.net/rfc/autovivification_false

    Got the error on a Drupal instance with memcache module and memcache_admin sub module enabled.

    PHP: 8.1.11 Drupal core: 9.5.0-rc1 memcache module : 2.5.0

    Note: in the test: memcache:11211 (hostname: memcache, port: 11211) is the memcached instance running with the docker image bitnami/memcached:1.6.9

    Location: https://example.com/admin/reports/memcache/default/memcache%3A11211 Referrer: https://example.com/admin/reports/memcache/default Message (partial):

    opened by ranqiangjun 1
Releases(v6.2.2)
  • v6.2.2(Dec 16, 2022)

    Changelog (https://github.com/symfony/http-foundation/compare/v6.2.1...v6.2.2)

    • bug #48635 Use relative timestamps with MemcachedSessionHandler (tvlooy)
    • bug #48628 Fix dumping array cookies (nicolas-grekas)
    • bug #48421 IPv4-mapped IPv6 addresses incorrectly rejected (bonroyage)
  • v6.2.1(Dec 6, 2022)

  • v6.2.0(Nov 30, 2022)

  • v6.1.8(Nov 28, 2022)

    Changelog (https://github.com/symfony/http-foundation/compare/v6.1.7...v6.1.8)

    • bug #48112 Compare cookie with null value as empty string in ResponseCookieValueSame (fancyweb)
    • bug #48050 Check IPv6 is valid before comparing it (PhilETaylor)
  • v6.0.16(Nov 28, 2022)

    Changelog (https://github.com/symfony/http-foundation/compare/v6.0.15...v6.0.16)

    • bug #48112 Compare cookie with null value as empty string in ResponseCookieValueSame (fancyweb)
    • bug #48050 Check IPv6 is valid before comparing it (PhilETaylor)
  • v5.4.16(Nov 28, 2022)

    Changelog (https://github.com/symfony/http-foundation/compare/v5.4.15...v5.4.16)

    • bug #48112 Compare cookie with null value as empty string in ResponseCookieValueSame (fancyweb)
    • bug #48050 Check IPv6 is valid before comparing it (PhilETaylor)
  • v4.4.49(Nov 28, 2022)

    Changelog (https://github.com/symfony/http-foundation/compare/v4.4.48...v4.4.49)

    • bug #48112 Compare cookie with null value as empty string in ResponseCookieValueSame (fancyweb)
    • bug #48050 Check IPv6 is valid before comparing it (PhilETaylor)
  • v6.2.0-RC1(Nov 25, 2022)

  • v6.2.0-BETA3(Nov 19, 2022)

    Changelog (https://github.com/symfony/http-foundation/compare/v6.2.0-BETA2...v6.2.0-BETA3)

    • bug #48112 Compare cookie with null value as empty string in ResponseCookieValueSame (fancyweb)
    • bug #48050 Check IPv6 is valid before comparing it (PhilETaylor)
  • v6.1.7(Oct 28, 2022)

  • v6.0.15(Oct 28, 2022)

  • v5.4.15(Oct 28, 2022)

  • v4.4.48(Oct 28, 2022)

  • v6.2.0-BETA1(Oct 24, 2022)

    Changelog (https://github.com/symfony/http-foundation/compare/v6.1.6...v6.2.0-BETA1)

    • feature #47730 Ban DateTime from the codebase (WebMamba)
    • feature #47595 Extract request matchers for better reusability (fabpot)
    • feature #38996 Remove the default values from setters with a nullable parameter (derrabus, nicolas-grekas)
    • feature #47094 Use xxh128 algorithm instead of sha256 for http cache store key (Pascal Woerde)
    • feature #45034 Rename Request::getContentType to getContentTypeFormat (MarkPedron)
    • feature #46491 Introduce FlashBagAwareSessionInterface (VincentLanglet)
  • v6.1.6(Oct 12, 2022)

    Changelog (https://github.com/symfony/http-foundation/compare/v6.1.5...v6.1.6)

    • bug #47746 Fix BinaryFileResponse content type detection logic (X-Coder264)
  • v6.0.14(Oct 12, 2022)

    Changelog (https://github.com/symfony/http-foundation/compare/v6.0.13...v6.0.14)

    • bug #47746 Fix BinaryFileResponse content type detection logic (X-Coder264)
  • v5.4.14(Oct 12, 2022)

    Changelog (https://github.com/symfony/http-foundation/compare/v5.4.13...v5.4.14)

    • bug #47746 Fix BinaryFileResponse content type detection logic (X-Coder264)
  • v4.4.47(Oct 12, 2022)

    Changelog (https://github.com/symfony/http-foundation/compare/v4.4.46...v4.4.47)

    • bug #47746 Fix BinaryFileResponse content type detection logic (X-Coder264)
  • v6.1.5(Sep 30, 2022)

    Changelog (https://github.com/symfony/http-foundation/compare/v6.1.4...v6.1.5)

    • bug #47516 Prevent BinaryFileResponse::prepare from adding content type if no content is sent (naitsirch)
    • bug #47530 Always return strings from accept headers (ausi)
    • bug #47434 move flushing outside of Response::closeOutputBuffers (nicolas-grekas)
  • v6.0.13(Sep 30, 2022)

    Changelog (https://github.com/symfony/http-foundation/compare/v6.0.12...v6.0.13)

    • bug #47516 Prevent BinaryFileResponse::prepare from adding content type if no content is sent (naitsirch)
    • bug #47530 Always return strings from accept headers (ausi)
    • bug #47434 move flushing outside of Response::closeOutputBuffers (nicolas-grekas)
  • v5.4.13(Sep 30, 2022)

    Changelog (https://github.com/symfony/http-foundation/compare/v5.4.12...v5.4.13)

    • bug #47516 Prevent BinaryFileResponse::prepare from adding content type if no content is sent (naitsirch)
    • bug #47530 Always return strings from accept headers (ausi)
    • bug #47434 move flushing outside of Response::closeOutputBuffers (nicolas-grekas)
  • v4.4.46(Sep 30, 2022)

    Changelog (https://github.com/symfony/http-foundation/compare/v4.4.45...v4.4.46)

    • bug #47516 Prevent BinaryFileResponse::prepare from adding content type if no content is sent (naitsirch)
    • bug #47530 Always return strings from accept headers (ausi)
    • bug #47434 move flushing outside of Response::closeOutputBuffers (nicolas-grekas)
  • v6.1.4(Aug 26, 2022)

    Changelog (https://github.com/symfony/http-foundation/compare/v6.1.3...v6.1.4)

    • bug #47283 Prevent accepted rate limits with no remaining token to be preferred over denied ones (MatTheCat)
    • bug #47273 Do not send Set-Cookie header twice for deleted session cookie (X-Coder264)
    • bug #47130 Fix invalid ID not regenerated with native PHP file sessions (BrokenSourceCode)
  • v6.0.12(Aug 26, 2022)

    Changelog (https://github.com/symfony/http-foundation/compare/v6.0.11...v6.0.12)

    • bug #47283 Prevent accepted rate limits with no remaining token to be preferred over denied ones (MatTheCat)
    • bug #47273 Do not send Set-Cookie header twice for deleted session cookie (X-Coder264)
    • bug #47130 Fix invalid ID not regenerated with native PHP file sessions (BrokenSourceCode)
  • v5.4.12(Aug 26, 2022)

    Changelog (https://github.com/symfony/http-foundation/compare/v5.4.11...v5.4.12)

    • bug #47283 Prevent accepted rate limits with no remaining token to be preferred over denied ones (MatTheCat)
    • bug #47273 Do not send Set-Cookie header twice for deleted session cookie (X-Coder264)
    • bug #47130 Fix invalid ID not regenerated with native PHP file sessions (BrokenSourceCode)
  • v4.4.45(Aug 26, 2022)

    Changelog (https://github.com/symfony/http-foundation/compare/v4.4.44...v4.4.45)

    • bug #47130 Fix invalid ID not regenerated with native PHP file sessions (BrokenSourceCode)
  • v6.1.3(Jul 29, 2022)

    Changelog (https://github.com/symfony/http-foundation/compare/v6.1.2...v6.1.3)

    • bug #46957 Fix \Stringable support in InputBag::get() (chalasr)
    • bug #46931 Flush backend output buffer after closing. (bradjones1)
    • bug #42033 Fix deleteFileAfterSend on client abortion (nerg4l)
    • bug #46790 Prevent PHP Warning: Session ID is too long or contains illegal characters (BrokenSourceCode)
    • bug #46808 Fix TypeError on null $_SESSION in NativeSessionStorage::save() (chalasr)
  • v6.0.11(Jul 29, 2022)

    Changelog (https://github.com/symfony/http-foundation/compare/v6.0.10...v6.0.11)

    • bug #46957 Fix \Stringable support in InputBag::get() (chalasr)
    • bug #46931 Flush backend output buffer after closing. (bradjones1)
    • bug #42033 Fix deleteFileAfterSend on client abortion (nerg4l)
    • bug #46790 Prevent PHP Warning: Session ID is too long or contains illegal characters (BrokenSourceCode)
    • bug #46808 Fix TypeError on null $_SESSION in NativeSessionStorage::save() (chalasr)
  • v5.4.11(Jul 29, 2022)

    Changelog (https://github.com/symfony/http-foundation/compare/v5.4.10...v5.4.11)

    • bug #46931 Flush backend output buffer after closing. (bradjones1)
    • bug #42033 Fix deleteFileAfterSend on client abortion (nerg4l)
    • bug #46790 Prevent PHP Warning: Session ID is too long or contains illegal characters (BrokenSourceCode)
    • bug #46808 Fix TypeError on null $_SESSION in NativeSessionStorage::save() (chalasr)
  • v4.4.44(Jul 29, 2022)

    Changelog (https://github.com/symfony/http-foundation/compare/v4.4.43...v4.4.44)

    • bug #46931 Flush backend output buffer after closing. (bradjones1)
    • bug #42033 Fix deleteFileAfterSend on client abortion (nerg4l)
    • bug #46790 Prevent PHP Warning: Session ID is too long or contains illegal characters (BrokenSourceCode)
    • bug #46808 Fix TypeError on null $_SESSION in NativeSessionStorage::save() (chalasr)
The official Hack Language specification.

Deprecated, Unmaintained This repo contains the Hack Language Specification, a modified version of the PHP specification. It is no longer maintained a

Meta Archive 172 Oct 7, 2022
Declarative HTTP Clients using Guzzle HTTP Library and PHP 8 Attributes

Waffler How to install? $ composer require waffler/waffler This package requires PHP 8 or above. How to test? $ composer phpunit Quick start For our e

Waffler 3 Aug 26, 2022
The HttpClient component provides powerful methods to fetch HTTP resources synchronously or asynchronously.

HttpClient component The HttpClient component provides powerful methods to fetch HTTP resources synchronously or asynchronously. Resources Documentati

Symfony 1.7k Jan 6, 2023
Guzzle, an extensible PHP HTTP client

Guzzle, PHP HTTP client Guzzle is a PHP HTTP client that makes it easy to send HTTP requests and trivial to integrate with web services. Simple interf

Guzzle 22.3k Jan 2, 2023
Requests for PHP is a humble HTTP request library. It simplifies how you interact with other sites and takes away all your worries.

Requests for PHP Requests is a HTTP library written in PHP, for human beings. It is roughly based on the API from the excellent Requests Python librar

null 3.5k Dec 31, 2022
A Chainable, REST Friendly, PHP HTTP Client. A sane alternative to cURL.

Httpful Httpful is a simple Http Client library for PHP 7.2+. There is an emphasis of readability, simplicity, and flexibility – basically provide the

Nate Good 1.7k Dec 21, 2022
PHP's lightweight HTTP client

Buzz - Scripted HTTP browser Buzz is a lightweight (<1000 lines of code) PHP 7.1 library for issuing HTTP requests. The library includes three clients

Kris Wallsmith 1.9k Jan 4, 2023
HTTPlug, the HTTP client abstraction for PHP

HTTPlug HTTPlug, the HTTP client abstraction for PHP. Intro HTTP client standard built on PSR-7 HTTP messages. The HTTPlug client interface is compati

The PHP HTTP group 2.4k Dec 30, 2022
PSR-7 HTTP Message implementation

zend-diactoros Repository abandoned 2019-12-31 This repository has moved to laminas/laminas-diactoros. Master: Develop: Diactoros (pronunciation: /dɪʌ

Zend Framework 1.6k Dec 9, 2022
Record your test suite's HTTP interactions and replay them during future test runs for fast, deterministic, accurate tests.

This is a port of the VCR Ruby library to PHP. Record your test suite's HTTP interactions and replay them during future test runs for fast, determinis

php-vcr 1.1k Dec 23, 2022
PSR HTTP Message implementations

laminas-diactoros Diactoros (pronunciation: /dɪʌktɒrɒs/): an epithet for Hermes, meaning literally, "the messenger." This package supersedes and repla

Laminas Project 343 Dec 25, 2022
Unirest in PHP: Simplified, lightweight HTTP client library.

Unirest for PHP Unirest is a set of lightweight HTTP libraries available in multiple languages, built and maintained by Mashape, who also maintain the

Kong 1.3k Dec 28, 2022
PHP Curl Class makes it easy to send HTTP requests and integrate with web APIs

PHP Curl Class: HTTP requests made easy PHP Curl Class makes it easy to send HTTP requests and integrate with web APIs. Installation Requirements Quic

null 3.1k Jan 5, 2023
HTTP header kit for PHP 7.1+ (incl. PHP 8) based on PSR-7

HTTP header kit for PHP 7.1+ (incl. PHP 8) based on PSR-7 Installation composer require sunrise/http-header-kit How to use? HTTP Header Collection Mor

Sunrise // PHP 63 Dec 31, 2022
↪️ Bypass for PHP creates a custom HTTP Server to return predefined responses to client requests

Bypass for PHP provides a quick way to create a custom HTTP Server to return predefined responses to client requests. Useful for tests with Pest PHP or PHPUnit.

CiaReis 101 Dec 1, 2022
Application for logging HTTP and DNS Requests

Request Logger Made by Adam Langley ( https://twitter.com/adamtlangley ) What is it? Request logger is a free and open source utility for logging HTTP

null 13 Nov 28, 2022
TusPHP - 🚀a HTTP based protocol for resumable file uploads.

tus is a HTTP based protocol for resumable file uploads. Resumable means you can carry on where you left off without re-uploading whole data again in case of any interruptions. An interruption may happen willingly if the user wants to pause, or by accident in case of a network issue or server outage.

Ankit Pokhrel 1.3k Dec 28, 2022
librestful is a virion for PocketMine servers that make easier, readable code and for async http requests.

librestful is a virion for PocketMine servers that make easier, readable code for async rest requests.

RedMC Network 17 Oct 31, 2022