Fix CURLRequest extra headers

[kenjis]

Description
Fixes #4826

• reset unneeded headers
• reset unneeded configs

Checklist:

• Securely signed commits
• Component(s) with PHPDoc blocks, only if necessary or adds value
• Unit testing, with >80% coverage
• User guide updated
• Conforms to style guide

[MGatner]

The code looks good but I would like it if someone else with more CURL experience took a look.

[WinterSilence]

1. I'm already wrote about direct access to global variables Dev: using filter_* functions instead direct access to global variables #4968
2. Use getallheaders() polyfill to get headers by server request
3. Add setter/getter for $unsharedHeaders
4. Why Host, Accept-Encoding not in $unsharedHeaders?

   CodeIgniter4/system/HTTP/CURLRequest.php

   Line 379 in 6832cd5

   $this->removeHeader('Host');

5. Why Referer, Location, Content-MD5 and other dynamic/generic headers not in $unsharedHeader?

P.S. In my opinion, better solution auto calculate dynamic/generic headers before sending request. List of headers to import better than $unsharedHeaders because we need import only small part of request headers.

[WinterSilence]

$header = str_replace('_', '-', strtolower($header));
$titleHeader = ucwords($header, '-');
...
$this->headerMap[$header] = $titleHeader;

[kenjis]

@WinterSilence Thank you for your comment!

Use getallheaders() polyfill to get headers by server request

Why? What is it? CI4 does not have it now.

Add setter/getter for $unsharedHeaders

Why do you need them?

Why Host, Accept-Encoding not in $unsharedHeaders?
Why Referer, Location, Content-MD5 and other dynamic/generic headers not in $unsharedHeader?

It is just because they are not considered yet. This PR only fixes the issue #4826.
I'm not sure what headers should be unshared.
I don't understand the current class design well.

P.S. In my opinion, better solution auto calculate dynamic/generic headers before sending request. List of headers to import better than $unsharedHeaders because we need import only small part of request headers.

Yeah, it is good design. But the current implementation is the opposite.
And once released, we have to keep backward compatibility as much as possible.

After all, I don't understand this class well enough to be able to create a list of headers to share.

[WinterSilence]

@kenjis you can add my polyfill or ralouphie/getallheaders

Why do you need them?

because you can't auto detect all dynamic/generic headers to remove

[kenjis]

Why Host, Accept-Encoding not in $unsharedHeaders?

If they are in $unsharedHeaders, we can't set/use them.

$unsharedHeaders are removed in the top of request().
https://github.com/codeigniter4/CodeIgniter4/pull/5218/files#diff-c1b09d9175e885241fedeb4f406e7c19e3a78397538be28b70492647ae0c4bbaR121

[kenjis]

@WinterSilence

List of headers to import better than $unsharedHeaders because we need import only small part of request headers.

Do you have the header list that you want to import?
To be honest, I don't really understand why we need to import.

[WinterSilence]

@kenjis nope, it's my ugly English... You want use "allow all, deny $unsharedHeaders" list, I vote to use "deny all, allow $sharedHeaders" list. We need save only "cookie" and "auth" headers, other headers should be specified by the user himself.

[kenjis]

I sent another PR: #5249
It is cleaner.

[kenjis]

@WinterSilence

Content-MD5 is removed in RFC 7231 on June 2014.

The Content-MD5 header field has been removed because it was
inconsistently implemented with respect to partial responses.
https://www.rfc-editor.org/rfc/rfc7231

Is there any use case?

[WinterSilence]

@kenjis Sorry, I miss link to my polyfill. Polyfill must be similar to original getallheaders().