Fix edge case with StreamedResponse where headers are sent twice#20289
Merged
Conversation
HeahDude
reviewed
Oct 24, 2016
| { | ||
| protected $callback; | ||
| protected $streamed; | ||
| protected $headersSent; |
59c8d69 to
a79991f
Compare
Member
|
Thank you @Nicofuma. |
fabpot
added a commit
that referenced
this pull request
Oct 24, 2016
… twice (Nicofuma) This PR was merged into the 2.7 branch. Discussion ---------- Fix edge case with StreamedResponse where headers are sent twice | Q | A | ------------- | --- | Branch? | 2.7 | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes/no | Fixed tickets | | License | MIT | Doc PR | If you have PHPs output buffering enabled (`output_buffering=4096` in your php.ini per example), there is an edge case with the StreamedResponse object where the headers are sent twice. Even if it is harmless most of the time, it can be critical sometimes (per example, if an `Access-Control-Allow-Origin` header is duplicated the browser will block the request). Explanation: because the streamed response may need the request in order to generate the content, the `StreamedResponseListener` class calls the send method of the `Response` when the event `kernel.response` is fired. To prevent the content from being duplicated, a state has been introduced in the `sendContent()` method and it works fine. But there is an edge case is the headers of the response. If the content generated by the `sendContent()` method is smaller than the value defined for `output_buffering` in the `php.ini` then the buffer won't be flushed and the `headers_sent()` function will return false. Therefore when `$response->send()` is called for the second time (in the `app.php` file), the headers will be sent a second time. Commits ------- a79991f Fix edge case with StreamedResponse where headers are sent twice
Contributor
|
thx Tristan :) |
This was referenced Oct 27, 2016
Merged
Merged
Merged
Contributor
|
Not sure how this bug should be possible because the send method of the response class is supposed to take care of that by calling fastcgi_finish_request which should flush the ob. Unless I'm reading that wrong. |
Contributor
Author
|
@patrick-mcdougle it is tied to the StreamResponse and StreamedResponseListener where |
nicolas-grekas
added a commit
that referenced
this pull request
Oct 19, 2017
This PR was squashed before being merged into the 2.7 branch (closes #24626). Discussion ---------- streamed response should return $this | Q | A | ------------- | --- | Branch? | 2.7 | Bug fix? | yes | New feature? | no | BC breaks? | may be yes? | Deprecations? | no | Tests pass? | yes | License | MIT --- `sendHeaders()` and `sendContent()` should return $this, as in the parent class. related PRs: #2935 #20289 Commits ------- 058fb84 streamed response should return $this
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
If you have PHPs output buffering enabled (
output_buffering=4096in your php.ini per example), there is an edge case with the StreamedResponse object where the headers are sent twice. Even if it is harmless most of the time, it can be critical sometimes (per example, if anAccess-Control-Allow-Originheader is duplicated the browser will block the request).Explanation: because the streamed response may need the request in order to generate the content, the
StreamedResponseListenerclass calls the send method of theResponsewhen the eventkernel.responseis fired. To prevent the content from being duplicated, a state has been introduced in thesendContent()method and it works fine.But there is an edge case is the headers of the response. If the content generated by the
sendContent()method is smaller than the value defined foroutput_bufferingin thephp.inithen the buffer won't be flushed and theheaders_sent()function will return false.Therefore when
$response->send()is called for the second time (in theapp.phpfile), the headers will be sent a second time.