Interpret content-type header for 'application/x-www-form-urlencoded' correctly #34
Conversation
…ng of string in case there is additional info (such as charset encoding)
…ng of string in case there is additional info (such as charset encoding)
|
Have a look at these lines: $headers = $psrRequest->getHeaders();
array_walk($headers, function(&$val) {
if (1 === count($val)) {
$val = $val[0];
}
});PSR-7 says that Shouldn't (a little refactoring: what about |
|
What about this pull request? At this moment it's really a bug in react/http usage. |
| @@ -133,7 +133,7 @@ public function parseBody($content) | |||
| return; | |||
| } | |||
|
|
|||
| if (strtolower($headers['Content-Type']) == 'application/x-www-form-urlencoded') { | |||
| elseif (strpos(strtolower($headers['Content-Type']), 'application/x-www-form-urlencoded') === 0) { | |||
There was a problem hiding this comment.
Why did you choose to go for === 0over !== false? My preference would be the latter, that leaves room for an client messing up and adding a space in front of it. (Just nitpicking a bit here.)
There was a problem hiding this comment.
Either way is fine, and I can change it if you want.
I can't find anywhere in the the official documents that specifies that the header name must appear as the first character on a line, although I've never seen white space before a header in practice.
Perhaps this may be the least ambiguous:
strpos(strtolower(trim($headers['Content-Type'])), 'application/x-www-form-urlencoded') === 0There was a problem hiding this comment.
Fair enough, leave it as is. Was mostly nitpicking because I've seen clients (and servers) pull really odd stunts so trying to be a bit more defensive and prepared for such occasions.
|
Afaict this has been filed to fix the previously broken master branch. Now that #59 is in, is this still relevant? |
|
Thanks for filing this PR, I can assure you we're working hard on this 👍 This PR currently targets an unstable development feature that is no longer part of the master branch, so I've just filed #105 to keep track of the underlying feature request here. Please bear with us, we'll keep this ticket updated 👍 |
Sometimes the
Content-Typeheader can have additional information, such ascharset. Also, there should only be one Content-Type header in a HTTP Request.This PR fixes interpretation of the
application/x-www-form-urlencodedby comparing only the beginning of theContent-Typeheader value instead of testing for equality. So, now both of these headers will now be interpreted correctly:Worked before:
Works now: