bug #50226 [HttpClient] Ensure HttplugClient ignores invalid HTTP headers (nicolas-grekas)

nicolas-grekas · nicolas-grekas · commit 1d529375fa7e · 2023-05-03T13:45:08.000+02:00
This PR was merged into the 5.4 branch. Discussion ---------- [HttpClient] Ensure HttplugClient ignores invalid HTTP headers | Q | A | ------------- | --- | Branch? | 5.4 | Bug fix? | yes | New feature? | no | Deprecations? | no | Tickets | - | License | MIT | Doc PR | - Something we forgot in #47415 Commits ------- f702e66 [HttpClient] Ensure HttplugClient ignores invalid HTTP headers
diff --git a/composer.json b/composer.json
@@ -165,6 +165,7 @@
     },
     "config": {
         "allow-plugins": {
+            "php-http/discovery": false,
             "symfony/runtime": true
         }
     },
diff --git a/src/Symfony/Component/HttpClient/Internal/HttplugWaitLoop.php b/src/Symfony/Component/HttpClient/Internal/HttplugWaitLoop.php
@@ -120,7 +120,11 @@ public function createPsr7Response(ResponseInterface $response, bool $buffer = f
 
         foreach ($response->getHeaders(false) as $name => $values) {
             foreach ($values as $value) {
-                $psrResponse = $psrResponse->withAddedHeader($name, $value);
+                try {
+                    $psrResponse = $psrResponse->withAddedHeader($name, $value);
+                } catch (\InvalidArgumentException $e) {
+                    // ignore invalid header
+                }
             }
         }
 
diff --git a/src/Symfony/Component/HttpClient/Tests/HttplugClientTest.php b/src/Symfony/Component/HttpClient/Tests/HttplugClientTest.php
@@ -267,4 +267,22 @@ function (\Exception $exception) use ($errorMessage, &$failureCallableCalled, $c
         $this->assertSame(200, $response->getStatusCode());
         $this->assertSame('OK', (string) $response->getBody());
     }
+
+    public function testInvalidHeaderResponse()
+    {
+        $responseHeaders = [
+            // space in header name not allowed in RFC 7230
+            ' X-XSS-Protection' => '0',
+            'Cache-Control' => 'no-cache',
+        ];
+        $response = new MockResponse('body', ['response_headers' => $responseHeaders]);
+        $this->assertArrayHasKey(' x-xss-protection', $response->getHeaders());
+
+        $client = new HttplugClient(new MockHttpClient($response));
+        $request = $client->createRequest('POST', 'http://localhost:8057/post')
+            ->withBody($client->createStream('foo=0123456789'));
+
+        $resultResponse = $client->sendRequest($request);
+        $this->assertCount(1, $resultResponse->getHeaders());
+    }
 }

Original file line number	Diff line number	Diff line change
`@@ -165,6 +165,7 @@`
`165`	`165`	`},`
`166`	`166`	`"config": {`
`167`	`167`	`"allow-plugins": {`
	`168`	`+ "php-http/discovery": false,`
`168`	`169`	`"symfony/runtime": true`
`169`	`170`	`}`
`170`	`171`	`},`
Original file line number	Diff line number	Diff line change
`@@ -120,7 +120,11 @@ public function createPsr7Response(ResponseInterface $response, bool $buffer = f`
`120`	`120`
`121`	`121`	`foreach ($response->getHeaders(false) as $name => $values) {`
`122`	`122`	`foreach ($values as $value) {`
`123`		`- $psrResponse = $psrResponse->withAddedHeader($name, $value);`
	`123`	`+ try {`
	`124`	`+ $psrResponse = $psrResponse->withAddedHeader($name, $value);`
	`125`	`+ } catch (\InvalidArgumentException $e) {`
	`126`	`+ // ignore invalid header`
	`127`	`+ }`
`124`	`128`	`}`
`125`	`129`	`}`
`126`	`130`