This repository has been archived by the owner on Oct 6, 2021. It is now read-only.

Incorrect protocol number at headers #161

Closed
emanuelb opened this issue Nov 8, 2016 · 2 comments

emanuelb commented Nov 8, 2016

The following code:

        \header('HTTP/1.1 403 Forbidden');
        \header('HTTP/1.1 404 Not Found');

used in:
https://github.com/paragonie/airship/blob/master/src/cabins.php#L138
https://github.com/paragonie/airship/blob/master/src/Cabin/Bridge/Landing/IndexPage.php#L112
https://github.com/paragonie/airship/blob/master/src/bootstrap.php#L32
https://github.com/paragonie/airship/blob/master/src/Cabin/Hull/Landing/CustomPages.php#L93
https://github.com/paragonie/airship/blob/master/src/Engine/AutoPilot.php#L470

hardcodes 'HTTP/1.1', which is incorrect if the client sent an HTTP 1.0 request or the connection was made over HTTP 2, and thus may cause bugs:
https://secure.php.net/manual/en/function.header.php#92305

fix:
use code that is based on the solution at:
https://stackoverflow.com/questions/3258634/php-how-to-send-http-response-code#23190950
or use the http_response_code function:
https://secure.php.net/http_response_code
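
An added example, not part of the original issue and not Airship's code, showing the two fixes suggested above: `http_response_code()` when only the code matters, and a status line built from `$_SERVER['SERVER_PROTOCOL']` when a custom reason phrase is needed. The helper names `statusLine` and `sendStatus`, the allowlist of protocol strings, and the `HTTP/1.1` fallback are assumptions made for this sketch.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers for illustration; they do not exist in Airship.

/** Build a status line from the protocol the SAPI reports for this request. */
function statusLine(int $code, string $reason, array $server): string
{
    if ($code < 100 || $code > 599) {
        throw new InvalidArgumentException('Invalid HTTP status code');
    }
    $protocol = (string) ($server['SERVER_PROTOCOL'] ?? '');
    // The value is derived from the request, so accept only known forms
    // (assumed allowlist) and fall back to HTTP/1.1 for anything else.
    if (!preg_match('#\AHTTP/(?:1\.[01]|2(?:\.0)?)\z#', $protocol)) {
        $protocol = 'HTTP/1.1';
    }
    // Keep only printable ASCII so the reason phrase cannot carry CR/LF.
    $reason = (string) preg_replace('/[^\x20-\x7E]/', '', $reason);
    return $protocol . ' ' . $code . ' ' . $reason;
}

/** Send a status without hardcoding the protocol version. */
function sendStatus(int $code, ?string $reason = null): void
{
    if (headers_sent()) {
        return; // too late to change the status line
    }
    if ($reason === null) {
        // Leaves the status line to PHP and the SAPI.
        http_response_code($code);
        return;
    }
    // Third argument sets the response code explicitly as well.
    header(statusLine($code, $reason, $_SERVER), true, $code);
}

// Constructed sample values, printed when run from the command line.
if (PHP_SAPI === 'cli') {
    foreach (['HTTP/1.0', 'HTTP/2.0', ''] as $proto) {
        echo statusLine(403, 'Forbidden', ['SERVER_PROTOCOL' => $proto]), PHP_EOL;
    }
}
```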

@paragonie-scott
Member

This is absolutely my fault and I will get this fixed in the next release. Thank you very much for this report.

@kelunik
Contributor

kelunik commented Nov 8, 2016

Section 19.6 of https://www.ietf.org/rfc/rfc2616.txt

[...] we would expect commercial HTTP/1.1 servers to:

  • recognize the format of the Request-Line for HTTP/0.9, 1.0, and 1.1 requests;
  • understand any valid request in the format of HTTP/0.9, 1.0, or 1.1;
  • respond appropriately with a message in the same major version used by the client.

That means the response is correct for HTTP/1.0 requests. I guess Airship doesn't have to support HTTP/0.9. For HTTP/2 I have no idea how Apache and other SAPIs handle that.
