Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Cookie-header detection must be case insensitive #2789

Merged
merged 2 commits into from
Aug 10, 2019
Merged

Cookie-header detection must be case insensitive #2789

merged 2 commits into from
Aug 10, 2019

Conversation

mapogolions
Copy link
Contributor

@mapogolions mapogolions commented Aug 10, 2019

Follow the official guide to create a simple application and reproduce the bug.

// imports
$app->get('/', function (Request $request, Response $response, $args) {
    header('Set-Cookie: name=foo');
    $response = $response->withHeader('Set-Cookie', 'name=bar');
    $response->getBody()->write("Hello world!");
    return $response;
});
$app->run();

While everything is fine, the browser receives two headers with the same fields but different values.

Set-Cookie: name=foo
Set-Cookie: name=bar

However, when we start using case insensitive names, the behavior changes.

// imports
$app->get('/', function (Request $request, Response $response, $args) {
    header('Set-Cookie: name=foo');
    $response = $response->withHeader('set-cOOkie', 'name=bar');
    $response->getBody()->write("Hello world!");
    return $response;
});
$app->run();
set-cOOkie: name=bar

@coveralls
Copy link

Coverage Status

Coverage remained the same at 100.0% when pulling c6b9b5f on mapogolions:fix/header-field-case-insensitive into 4ddb1bf on slimphp:4.x.

@l0gicgate l0gicgate added this to the 4.2.0 milestone Aug 10, 2019
@l0gicgate l0gicgate merged commit 240536f into slimphp:4.x Aug 10, 2019
@mapogolions mapogolions deleted the fix/header-field-case-insensitive branch August 10, 2019 15:45
@l0gicgate l0gicgate mentioned this pull request Aug 20, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants